{"uuid": "e4bc5243-bbfe-47a6-ac9e-32f83d9b7424", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-5H9G-X5RV-25WG", "type": "seen", "source": "https://t.me/arpsyndicate/2512", "content": "#ExploitObserverAlert\n\nGHSA-5h9g-x5rv-25wg\n\nDESCRIPTION: Exploit Observer has 3 entries related to GHSA-5H9G-X5RV-25WG. A cross-site scripting (XSS) vulnerability was discovered in the schema validation logic of the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or editor APIs. This malicious content could then end up in content published outside the editor, if no server-side sanitization was performed. This impacts all users who are using TinyMCE 5.8.2 or lower.\n\nGHSS: 6.1", "creation_timestamp": "2024-01-05T18:57:40.000000Z"}