I've just been sent a link concerning a security vulnerability in TinyMCE below versions 4.2.4.
I have a site the uses Umbraco v 7.2.8 which uses v3.5.10 of TinyMCE. I'm wondering what the best course of action is & whether upgrading to the latest release of Umbraco will fix this.
Does anyone know whether TinyMCE has been updated for newer release?
Best to report this issue to [email protected]. Then Umbraco will evaluate the vulnerability and see if it applies to Umbraco and create a patch for it.
TintMCE Security vulnerability
I've just been sent a link concerning a security vulnerability in TinyMCE below versions 4.2.4.
I have a site the uses Umbraco v 7.2.8 which uses v3.5.10 of TinyMCE. I'm wondering what the best course of action is & whether upgrading to the latest release of Umbraco will fix this.
Does anyone know whether TinyMCE has been updated for newer release?
https://snyk.io/vuln/npm:tinymce:20150813?utmcontent=buffer3b0f0&utmmedium=social&utmsource=twitter.com&utmcampaign=buffer
Many thanks
Hi Polly,
Best to report this issue to [email protected]. Then Umbraco will evaluate the vulnerability and see if it applies to Umbraco and create a patch for it.
Dave
Many thanks Dave, I've just reported it!
Hi Polly,
Did you ever get to the bottom on this. I have also just had a penetration test and this flagged the same issue.
I am using Umbraco version 8.9.1
It seems to be flagging up the login URL. /umbraco#/login/false?returnPath=%252Fcontent%253FreturnPath%253D%2525252Fcontent
is working on a reply...