The cross-site scripting flaw could enable arbitrary code execution, information disclosure – and even account takeover. A high-severity flaw has been disclosed in TinyMCE, an open-source text editor used in the content management systems (CMS) of websites.
https://threatpost.com/high-severity-tinymce-cross-site-scripting-flaw-fixed/158306/
origin - https://www.pipiscrew.com/2020/08/high-severity-tinymce-cross-site-scripting-flaw-fixed/ high-severity-tinymce-cross-site-scripting-flaw-fixed