MSA-23-0013: XSS risk in TinyMCE alerts (upstream)

MSA-23-0013: XSS risk in TinyMCE alerts (upstream)

by Michael Hawkins -
Number of replies: 0

The TinyMCE editor included with Moodle required a security patch to be applied to fix an XSS risk.


Severity/Risk: Minor
Versions affected: 4.1 to 4.1.1
Versions fixed: 4.1.2
Reported by: Andrew Lyons
CVE identifier: CVE-2022-23494
Changes (master): N/A
Tracker issue: MDL-77470 XSS risk in TinyMCE alerts (upstream)