Reconnecting to live updates…

CVE-2024-21911: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Medium

VulnerabilityCVE-2024-21911cve cve-2024-21911 cwe-79

Published: Wed Jan 03 2024 (01/03/2024, 15:59:00 UTC)

Source: CVE Database V5

Description

TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.

Technical Details

Data Version: 5.2
Assigner Short Name: VulnCheck
Date Reserved: 2024-01-03T14:21:17.583Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 6929c5924121026312b3ca4d

Added to database: 11/28/2025, 3:53:54 PM

Last updated: 11/28/2025, 3:54:24 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

CVE-2025-30006: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Xorcom CompletePBX

Medium

VulnerabilityFri Nov 28 2025

CVE-2025-30005: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Xorcom CompletePBX

Medium

VulnerabilityFri Nov 28 2025

CVE-2025-30004: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Xorcom CompletePBX

Critical

VulnerabilityFri Nov 28 2025

CVE-2025-2292: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Xorcom CompletePBX

Medium

VulnerabilityFri Nov 28 2025

CVE-2024-21910: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Medium

VulnerabilityFri Nov 28 2025

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Reference 2 Reference 3 Reference 4 Reference 5 Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

CVE-2024-21911: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-21911: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-30006: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Xorcom CompletePBX

CVE-2025-30005: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Xorcom CompletePBX

CVE-2025-30004: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Xorcom CompletePBX

CVE-2025-2292: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Xorcom CompletePBX

CVE-2024-21910: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility