{"vulnerability": "GHSA-5H9G-X5RV-25WG", "sightings": [{"uuid": "e4bc5243-bbfe-47a6-ac9e-32f83d9b7424", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-5H9G-X5RV-25WG", "type": "seen", "source": "https://t.me/arpsyndicate/2512", "content": "#ExploitObserverAlert\n\nGHSA-5h9g-x5rv-25wg\n\nDESCRIPTION: Exploit Observer has 3 entries related to GHSA-5H9G-X5RV-25WG. A cross-site scripting (XSS) vulnerability was discovered in the schema validation logic of the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or editor APIs. This malicious content could then end up in content published outside the editor, if no server-side sanitization was performed. This impacts all users who are using TinyMCE 5.8.2 or lower.\n\nGHSS: 6.1", "creation_timestamp": "2024-01-05T18:57:40.000000Z"}, {"uuid": "57829734-724e-4eb4-8e48-666b0c632fcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-5H9G-X5RV-25WG", "type": "seen", "source": "https://t.me/ctinow/172149", "content": "https://ift.tt/g6MjSqc\nCVE-2024-21908 | TinyMCE up to 5.8.x Editor cross site scripting (GHSA-5h9g-x5rv-25wg)", "creation_timestamp": "2024-01-23T17:26:51.000000Z"}]}