CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-47760

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This vulnerability is fixed in 7.1.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.9%

CVSS Severity

CVSS v3 Score 8.7

References

https://github.com/tinymce/tinymce/security/advisories/GHSA-mh5m-5hw4-5c69

Products affected by CVE-2026-47760

Tiny » Tinymce » Version: 6.8.0

cpe:2.3:a:tiny:tinymce:6.8.0
Tiny » Tinymce » Version: 6.8.1

cpe:2.3:a:tiny:tinymce:6.8.1
Tiny » Tinymce » Version: 6.8.2

cpe:2.3:a:tiny:tinymce:6.8.2
Tiny » Tinymce » Version: 6.8.3

cpe:2.3:a:tiny:tinymce:6.8.3
Tiny » Tinymce » Version: 6.8.4

cpe:2.3:a:tiny:tinymce:6.8.4
Tiny » Tinymce » Version: 6.8.5

cpe:2.3:a:tiny:tinymce:6.8.5
Tiny » Tinymce » Version: 6.8.6

cpe:2.3:a:tiny:tinymce:6.8.6
Tiny » Tinymce » Version: 7.0.0

cpe:2.3:a:tiny:tinymce:7.0.0
Tiny » Tinymce » Version: 7.0.1

cpe:2.3:a:tiny:tinymce:7.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-47760

Products

Pricing

Contact Us