Sign in Register
Go to solution
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Polly 2 posts 82 karma points
    Nov 01, 2016 @ 12:44
    Polly
    0

    TintMCE Security vulnerability

    I've just been sent a link concerning a security vulnerability in TinyMCE below versions 4.2.4.

    I have a site the uses Umbraco v 7.2.8 which uses v3.5.10 of TinyMCE. I'm wondering what the best course of action is & whether upgrading to the latest release of Umbraco will fix this.

    Does anyone know whether TinyMCE has been updated for newer release?

    https://snyk.io/vuln/npm:tinymce:20150813?utmcontent=buffer3b0f0&utmmedium=social&utmsource=twitter.com&utmcampaign=buffer

    Many thanks

    Copy Link
  • Dave Woestenborghs 3504 posts 12135 karma points MVP 9x admin c-trib
    Nov 02, 2016 @ 09:07
    Dave Woestenborghs
    100

    Hi Polly,

    Best to report this issue to [email protected]. Then Umbraco will evaluate the vulnerability and see if it applies to Umbraco and create a patch for it.

    Dave

    Copy Link
  • Polly 2 posts 82 karma points
    Nov 03, 2016 @ 09:49
    Polly
    0

    Many thanks Dave, I've just reported it!

    Copy Link
  • David Armitage 509 posts 2079 karma points
    Dec 18, 2020 @ 00:11
    David Armitage
    0

    Hi Polly,

    Did you ever get to the bottom on this. I have also just had a penetration test and this flagged the same issue.

    I am using Umbraco version 8.9.1

    It seems to be flagging up the login URL. /umbraco#/login/false?returnPath=%252Fcontent%253FreturnPath%253D%2525252Fcontent

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft