cvelistv5 - cve-2024-29881

cve-2024-29881

Vulnerability from cvelistv5

Published

2024-03-26 13:31

Modified

2024-08-02 17:59

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.

References

▼	URL	Tags
	security-advisories@github.com	https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1
	security-advisories@github.com	https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78
	security-advisories@github.com	https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types
	security-advisories@github.com	https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78
	af854a3a-2127-422b-91ae-364da2661108	https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types
	af854a3a-2127-422b-91ae-364da2661108	https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true

Impacted products

	Vendor	Product	Version
	tinymce	tinymce	Version: < 7.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:17:58.006Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78"
          },
          {
            "name": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1"
          },
          {
            "name": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types"
          },
          {
            "name": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29881",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T17:59:17.492403Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:59:24.301Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tinymce",
          "vendor": "tinymce",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TinyMCE is an open source rich text editor.  A cross-site scripting (XSS) vulnerability was discovered in TinyMCE\u2019s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-26T13:31:15.375Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78"
        },
        {
          "name": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1"
        },
        {
          "name": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types"
        },
        {
          "name": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true"
        }
      ],
      "source": {
        "advisory": "GHSA-5359-pvf2-pw78",
        "discovery": "UNKNOWN"
      },
      "title": "TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-29881",
    "datePublished": "2024-03-26T13:31:15.375Z",
    "dateReserved": "2024-03-21T15:12:08.997Z",
    "dateUpdated": "2024-08-02T17:59:24.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-29881\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-26T14:15:09.070\",\"lastModified\":\"2024-11-21T09:08:32.393\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"TinyMCE is an open source rich text editor.  A cross-site scripting (XSS) vulnerability was discovered in TinyMCE\u2019s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.\"},{\"lang\":\"es\",\"value\":\"TinyMCE es un editor de texto enriquecido de c\u00f3digo abierto. Se descubri\u00f3 una vulnerabilidad de cross-site scripting (XSS) en el c\u00f3digo de carga e inserci\u00f3n de contenido de TinyMCE. Se podr\u00eda cargar una imagen SVG a trav\u00e9s de un elemento \\\"objeto\\\" o \\\"incrustar\\\" y esa imagen podr\u00eda contener potencialmente un payload XSS. Esta vulnerabilidad se solucion\u00f3 en 6.8.1 y 7.0.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78\", \"name\": \"https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1\", \"name\": \"https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types\", \"name\": \"https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true\", \"name\": \"https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:17:58.006Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-29881\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-02T17:59:17.492403Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-02T17:59:21.271Z\"}}], \"cna\": {\"title\": \"TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements\", \"source\": {\"advisory\": \"GHSA-5359-pvf2-pw78\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"tinymce\", \"product\": \"tinymce\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 7.0.0\"}]}], \"references\": [{\"url\": \"https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78\", \"name\": \"https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1\", \"name\": \"https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types\", \"name\": \"https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true\", \"name\": \"https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"TinyMCE is an open source rich text editor.  A cross-site scripting (XSS) vulnerability was discovered in TinyMCE\\u2019s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-03-26T13:31:15.375Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-29881\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T17:59:24.301Z\", \"dateReserved\": \"2024-03-21T15:12:08.997Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-03-26T13:31:15.375Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

wid-sec-w-2024-1368

Vulnerability from csaf_certbund

Published

2024-06-12 22:00

Modified

2024-06-12 22:00

Summary

IBM Maximo Asset Management: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Maximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support für Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in IBM Maximo Asset Management ausnutzen, um Informationen offenzulegen und um Cross-Site Scripting Angriffe durchzuführen.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Maximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support f\u00fcr Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in IBM Maximo Asset Management ausnutzen, um Informationen offenzulegen und um Cross-Site Scripting Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1368 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1368.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1368 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1368"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-06-12",
        "url": "https://www.ibm.com/support/pages/node/7157257"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-06-12",
        "url": "https://www.ibm.com/support/pages/node/7157258"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-06-12",
        "url": "https://www.ibm.com/support/pages/node/7157259"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM Maximo Asset Management: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-06-12T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:10:09.866+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1368",
      "initial_release_date": "2024-06-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-06-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.6.1.3",
                "product": {
                  "name": "IBM Maximo Asset Management 7.6.1.3",
                  "product_id": "1234217",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Maximo Asset Management"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-22333",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in IBM Maximo Asset Management. Webseiten k\u00f6nnen lokal gespeichert werden, so dass ein anderer Benutzer auf dem System sie lesen kann. Ein lokaler Angreifer kann dies ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "1234217"
        ]
      },
      "release_date": "2024-06-12T22:00:00.000+00:00",
      "title": "CVE-2024-22333"
    },
    {
      "cve": "CVE-2024-29203",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Maximo Asset Management existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in TinyMCE nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren und dadurch Authentisierungs-Cookies stehlen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "1234217"
        ]
      },
      "release_date": "2024-06-12T22:00:00.000+00:00",
      "title": "CVE-2024-29203"
    },
    {
      "cve": "CVE-2024-29881",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Maximo Asset Management existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in TinyMCE nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren und dadurch Authentisierungs-Cookies stehlen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "1234217"
        ]
      },
      "release_date": "2024-06-12T22:00:00.000+00:00",
      "title": "CVE-2024-29881"
    }
  ]
}

WID-SEC-W-2024-1368

Vulnerability from csaf_certbund

Published

2024-06-12 22:00

Modified

2024-06-12 22:00

Summary

IBM Maximo Asset Management: Mehrere Schwachstellen

Notes

Produktbeschreibung

Maximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support für Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in IBM Maximo Asset Management ausnutzen, um Informationen offenzulegen und um Cross-Site Scripting Angriffe durchzuführen.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Maximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support f\u00fcr Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in IBM Maximo Asset Management ausnutzen, um Informationen offenzulegen und um Cross-Site Scripting Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1368 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1368.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1368 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1368"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-06-12",
        "url": "https://www.ibm.com/support/pages/node/7157257"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-06-12",
        "url": "https://www.ibm.com/support/pages/node/7157258"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2024-06-12",
        "url": "https://www.ibm.com/support/pages/node/7157259"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM Maximo Asset Management: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-06-12T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:10:09.866+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1368",
      "initial_release_date": "2024-06-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-06-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.6.1.3",
                "product": {
                  "name": "IBM Maximo Asset Management 7.6.1.3",
                  "product_id": "1234217",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Maximo Asset Management"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-22333",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in IBM Maximo Asset Management. Webseiten k\u00f6nnen lokal gespeichert werden, so dass ein anderer Benutzer auf dem System sie lesen kann. Ein lokaler Angreifer kann dies ausnutzen, um Informationen offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "1234217"
        ]
      },
      "release_date": "2024-06-12T22:00:00.000+00:00",
      "title": "CVE-2024-22333"
    },
    {
      "cve": "CVE-2024-29203",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Maximo Asset Management existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in TinyMCE nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren und dadurch Authentisierungs-Cookies stehlen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "1234217"
        ]
      },
      "release_date": "2024-06-12T22:00:00.000+00:00",
      "title": "CVE-2024-29203"
    },
    {
      "cve": "CVE-2024-29881",
      "notes": [
        {
          "category": "description",
          "text": "In IBM Maximo Asset Management existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in TinyMCE nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren und dadurch Authentisierungs-Cookies stehlen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "1234217"
        ]
      },
      "release_date": "2024-06-12T22:00:00.000+00:00",
      "title": "CVE-2024-29881"
    }
  ]
}

fkie_cve-2024-29881

Vulnerability from fkie_nvd

Published

2024-03-26 14:15

Modified

2024-11-21 09:08

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

References

▼	URL	Tags
	security-advisories@github.com	https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1
	security-advisories@github.com	https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78
	security-advisories@github.com	https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types
	security-advisories@github.com	https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78
	af854a3a-2127-422b-91ae-364da2661108	https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types
	af854a3a-2127-422b-91ae-364da2661108	https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "TinyMCE is an open source rich text editor.  A cross-site scripting (XSS) vulnerability was discovered in TinyMCE\u2019s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0."
    },
    {
      "lang": "es",
      "value": "TinyMCE es un editor de texto enriquecido de c\u00f3digo abierto. Se descubri\u00f3 una vulnerabilidad de cross-site scripting (XSS) en el c\u00f3digo de carga e inserci\u00f3n de contenido de TinyMCE. Se podr\u00eda cargar una imagen SVG a trav\u00e9s de un elemento \"objeto\" o \"incrustar\" y esa imagen podr\u00eda contener potencialmente un payload XSS. Esta vulnerabilidad se solucion\u00f3 en 6.8.1 y 7.0.0."
    }
  ],
  "id": "CVE-2024-29881",
  "lastModified": "2024-11-21T09:08:32.393",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-03-26T14:15:09.070",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

gsd-2024-29881

Vulnerability from gsd

Modified

2024-04-03 05:02

Details

Aliases

CVE-2024-29881

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-29881"
      ],
      "details": "TinyMCE is an open source rich text editor.  A cross-site scripting (XSS) vulnerability was discovered in TinyMCE\u2019s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.",
      "id": "GSD-2024-29881",
      "modified": "2024-04-03T05:02:30.724611Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2024-29881",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "tinymce",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 7.0.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "tinymce"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "TinyMCE is an open source rich text editor.  A cross-site scripting (XSS) vulnerability was discovered in TinyMCE\u2019s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-79",
                "lang": "eng",
                "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78",
            "refsource": "MISC",
            "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78"
          },
          {
            "name": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1",
            "refsource": "MISC",
            "url": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1"
          },
          {
            "name": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types",
            "refsource": "MISC",
            "url": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types"
          },
          {
            "name": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true",
            "refsource": "MISC",
            "url": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-5359-pvf2-pw78",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "TinyMCE is an open source rich text editor.  A cross-site scripting (XSS) vulnerability was discovered in TinyMCE\u2019s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0."
          }
        ],
        "id": "CVE-2024-29881",
        "lastModified": "2024-03-26T17:09:53.043",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 1.4,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-03-26T14:15:09.070",
        "references": [
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-79"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

ghsa-5359-pvf2-pw78

Vulnerability from github

Published

2024-03-26 21:23

Modified

2024-03-26 21:23

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements

Details

Impact

A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload.

Fix

TinyMCE 6.8.1 introduced a new convert_unsafe_embeds option to automatically convert object and embed elements respective of their type attribute. From TinyMCE 7.0.0 onwards, the convert_unsafe_embeds option is enabled by default.

Workarounds

If you are using TinyMCE 6.8.1 or higher, set convert_unsafe_embeds to true. For any earlier versions, a custom NodeFilter is recommended to remove or modify any object or embed elements. This can be added using the editor.parser.addNodeFilter and editor.serializer.addNodeFilter APIs.

Acknowledgements

Tiny Technologies would like to thank Toni Huttunen of Fraktal Oy for discovering this vulnerability.

References

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "tinymce/tinymce"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "tinymce"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "TinyMCE"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-29881"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-26T21:23:45Z",
    "nvd_published_at": "2024-03-26T14:15:09Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nA [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE\u2019s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload.\n\n### Fix\nTinyMCE 6.8.1 introduced a new `convert_unsafe_embeds` option to automatically convert `object` and `embed` elements respective of their `type` attribute.  From TinyMCE 7.0.0 onwards, the `convert_unsafe_embeds` option is enabled by default.\n\n### Workarounds\nIf you are using TinyMCE 6.8.1 or higher, set `convert_unsafe_embeds` to true. For any earlier versions, a custom NodeFilter is recommended to remove or modify any `object` or `embed` elements. This can be added using the `editor.parser.addNodeFilter` and `editor.serializer.addNodeFilter` APIs.\n\n### Acknowledgements\nTiny Technologies would like to thank Toni Huttunen of [Fraktal Oy](https://www.fraktal.fi/) for discovering this vulnerability.\n\n### References\n- [TinyMCE 6.8.1](https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types)\n- [TinyMCE 7.0.0](https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true)\n\n",
  "id": "GHSA-5359-pvf2-pw78",
  "modified": "2024-03-26T21:23:45Z",
  "published": "2024-03-26T21:23:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29881"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tinymce/tinymce"
    },
    {
      "type": "WEB",
      "url": "https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types"
    },
    {
      "type": "WEB",
      "url": "https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2024-29881

Vulnerability from cvelistv5

wid-sec-w-2024-1368

Vulnerability from csaf_certbund

WID-SEC-W-2024-1368

Vulnerability from csaf_certbund

fkie_cve-2024-29881

Vulnerability from fkie_nvd

gsd-2024-29881

Vulnerability from gsd

ghsa-5359-pvf2-pw78

Vulnerability from github

Impact

Fix

Workarounds

Acknowledgements

References

Tags

Sightings

Nomenclature