[Git][security-tracker-team/security-tracker][master] Add two tinymce issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 28 22:05:40 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d98bffce by Salvatore Bonaccorso at 2024-03-28T23:04:56+01:00
Add two tinymce issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1023,7 +1023,9 @@ CVE-2024-2212 (In Eclipse ThreadX before 6.4.0,  xQueueCreate() and xQueueCreate
 CVE-2024-29883 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...)
 	TODO: check
 CVE-2024-29881 (TinyMCE is an open source rich text editor.  A cross-site scripting (X ...)
-	TODO: check
+	- tinymce <removed>
+	NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78
+	NOTE: https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1
 CVE-2024-29833 (The image upload component allows SVG files and the regular expression ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-29832 (The current_url parameter of the AJAX call to the GalleryBox action of ...)
@@ -1041,7 +1043,9 @@ CVE-2024-29644 (Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and bef
 CVE-2024-29401 (xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which  ...)
 	NOT-FOR-US: xzs-mysql
 CVE-2024-29203 (TinyMCE is an open source rich text editor. Across-site scripting (XSS ...)
-	TODO: check
+	- tinymce <removed>
+	NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f
+	NOTE: https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1
 CVE-2024-29197 (Pimcore is an Open Source Data & Experience Management Platform. Any c ...)
 	NOT-FOR-US: Pimcore
 CVE-2024-28442 (Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d98bffceef16e3f3ea8cc9a20dd0d11e37296cf4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d98bffceef16e3f3ea8cc9a20dd0d11e37296cf4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240328/0949869e/attachment.htm>

More information about the debian-security-tracker-commits mailing list