Boletines de Vulnerabilidades

MSA-23-0013: XSS risk in TinyMCE alerts (upstream)


Información sobre el sistema

   
Software afectado PHP

Descripción

di Michael Hawkins. The TinyMCE editor included with Moodle required a security patch to be applied to fix an XSS risk.Severity/Risk:MinorVersions affected:4.1 to 4.1.1Versions fixed:4.1.2Reported by:Andrew LyonsCVE identifier:CVE-2022-23494Changes (master):N/ATracker issue:MDL-77470 XSS risk in TinyMCE alerts (upstream)

More info:

https://moodle.org/mod/forum/discuss.php?d=445070&parent=1788903

Identificadores estándar

Propiedad Valor
CVE CVE-2022-23494.

Histórico de versiones

Versión Comentario Data
1.0 Advisory issued 2023-04-28
Ministerio de Defensa
CNI
CCN
CCN-CERT