TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce-* attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media plugin enabled. This vulnerability is fixed in 5.11.1, 7.9.3, and 8.5.1.
Exploitability
AV:NAC:LPR:LUI:RScope
S:CImpact
C:HI:HA:N8.7/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:NInjection