TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This vulnerability is fixed in 7.1.0.
3.4.8+dfsg0-13.4.8+dfsg0-2Exploitability
AV:NAC:LPR:LUI:RScope
S:CImpact
C:HI:HA:NCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N