{"id":"CVE-2024-38356","summary":"TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option","details":"TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the `noneditable_regexp` option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. This vulnerability has been patched in TinyMCE 7.2.0, TinyMCE 6.8.4 and TinyMCE 5.11.0 LTS by ensuring that, when using the `noneditable_regexp` option, any content within an attribute is properly verified to match the configured regular expression before being added. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","aliases":["GHSA-9hcv-j9pv-qmph"],"modified":"2026-04-02T12:16:54.461592Z","published":"2024-06-19T20:03:47.923Z","database_specific":{"cwe_ids":["CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38356.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://owasp.org/www-community/attacks/xss"},{"type":"WEB","url":"https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview"},{"type":"WEB","url":"https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38356.json"},{"type":"ADVISORY","url":"https://github.com/tinymce/tinymce/security/advisories/GHSA-9hcv-j9pv-qmph"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38356"},{"type":"FIX","url":"https://github.com/tinymce/tinymce/commit/5acb741665a98e83d62b91713c800abbff43b00d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tinymce/tinymce","events":[{"introduced":"4cc623897917472ba418f1378170727d7a94575b"},{"fixed":"8a7b799033af4058818ea17e27ad36c58e2402f9"}],"database_specific":{"versions":[{"introduced":"6.0.0"},{"fixed":"6.8.4"}]}},{"type":"GIT","repo":"https://github.com/tinymce/tinymce","events":[{"introduced":"38b36acdf3610b8116014570b7a065710730db90"},{"fixed":"8ca0674d43fff53fd166d254fafab2c814586c8f"}],"database_specific":{"versions":[{"introduced":"7.0.0"},{"fixed":"7.2.0"}]}}],"versions":["5.10.0","5.10.1","5.10.2","5.10.3","5.10.4","5.10.5","5.10.6","5.10.7","5.10.8","5.10.9","5.3.0","5.3.1","5.3.2","5.4.0","5.4.1","5.4.2","5.5.0","5.5.1","5.6.0","5.6.1","5.6.2","5.7.0","5.7.1","5.8.0","5.8.1","5.8.2","5.9.0","5.9.1","5.9.2","6.0.0","6.0.1","6.0.2","6.0.3","6.1.0","6.1.1","6.1.2","6.2.0","6.3.0","6.3.1","6.3.2","6.4.0","6.4.1","6.4.2","6.5.0","6.5.1","6.6.0","6.6.1","6.6.2","6.7.0","6.7.1","6.7.2","6.7.3","6.8.0","6.8.1","6.8.2","6.8.3","6.8.4","6.8.5","6.8.6","7.0.0","7.0.1","7.1.0","7.1.1","7.1.2","7.2.0","7.2.1","7.3.0","7.4.0","7.4.1","7.5.0","7.5.1","7.6.0","7.6.1","7.7.0","7.7.1","7.7.2","7.8.0","7.9.0","7.9.1","7.9.2","8.0.0","8.0.1","8.0.2","8.1.0","8.1.1","8.1.2","8.2.0","8.2.1","8.2.2","8.3.0","8.3.1","8.3.2","8.4.0","@ephox/acid@1.0.74","@ephox/acid@1.0.75","@ephox/acid@1.0.76","@ephox/acid@1.0.77","@ephox/acid@1.0.78","@ephox/acid@1.0.79","@ephox/acid@1.0.80","@ephox/acid@1.0.81","@ephox/acid@2.0.0","@ephox/acid@2.0.1","@ephox/acid@2.0.2","@ephox/acid@2.0.3","@ephox/acid@2.0.4","@ephox/acid@2.0.5","@ephox/acid@3.0.0","@ephox/acid@3.0.1","@ephox/acid@3.0.2","@ephox/acid@3.0.3","@ephox/acid@3.0.4","@ephox/acid@3.0.5","@ephox/acid@4.0.0","@ephox/acid@4.0.1","@ephox/acid@4.0.2","@ephox/acid@4.0.3","@ephox/acid@4.0.4","@ephox/acid@5.0.0","@ephox/acid@5.0.0-alpha.0","@ephox/acid@5.0.0-alpha.1","@ephox/acid@5.0.0-alpha.2","@ephox/acid@5.0.0-alpha.3","@ephox/acid@5.0.0-alpha.4","@ephox/acid@5.0.0-alpha.5","@ephox/acid@5.0.0-alpha.6","@ephox/acid@5.0.1","@ephox/acid@5.0.10","@ephox/acid@5.0.2","@ephox/acid@5.0.2-alpha.1","@ephox/acid@5.0.2-alpha.2","@ephox/acid@5.0.3","@ephox/acid@5.0.4","@ephox/acid@5.0.5","@ephox/acid@5.0.6","@ephox/acid@5.0.7","@ephox/acid@5.0.8","@ephox/acid@5.0.9","@ephox/acid@5.1.0","@ephox/acid@5.1.0-alpha.0","@ephox/acid@5.1.1","@ephox/acid@5.1.2","@ephox/acid@5.1.3","@ephox/acid@5.1.4","@ephox/acid@5.2.0","@ephox/acid@5.2.0-alpha.0","@ephox/acid@5.2.1","@ephox/acid@6.0.0","@ephox/acid@6.0.1","@ephox/acid@6.0.2","@ephox/acid@6.0.3","@ephox/acid@7.0.0","@ephox/acid@8.0.0","@ephox/agar@10.0.0","@ephox/agar@4.15.4","@ephox/agar@4.15.5","@ephox/agar@4.16.0","@ephox/agar@4.16.1","@ephox/agar@4.17.0","@ephox/agar@4.17.1","@ephox/agar@4.17.2","@ephox/agar@5.0.0","@ephox/agar@5.0.1","@ephox/agar@5.1.0","@ephox/agar@5.1.1","@ephox/agar@5.2.0","@ephox/agar@5.2.1","@ephox/agar@5.3.0","@ephox/agar@5.3.1","@ephox/agar@5.3.2","@ephox/agar@5.3.3","@ephox/agar@5.4.0","@ephox/agar@5.4.1","@ephox/agar@6.0.0","@ephox/agar@6.0.1","@ephox/agar@6.0.2","@ephox/agar@6.0.3","@ephox/agar@6.0.4","@ephox/agar@7.0.0","@ephox/agar@7.0.0-alpha.0","@ephox/agar@7.0.0-alpha.1","@ephox/agar@7.0.0-alpha.2","@ephox/agar@7.0.0-alpha.3","@ephox/agar@7.0.0-alpha.4","@ephox/agar@7.0.0-alpha.5","@ephox/agar@7.0.0-alpha.6","@ephox/agar@7.0.1","@ephox/agar@7.1.0","@ephox/agar@7.1.0-alpha.1","@ephox/agar@7.1.1","@ephox/agar@7.2.0","@ephox/agar@7.2.1","@ephox/agar@7.3.0","@ephox/agar@7.3.1","@ephox/agar@7.4.0","@ephox/agar@7.4.1","@ephox/agar@7.4.2","@ephox/agar@7.4.3","@ephox/agar@7.4.4","@ephox/agar@8.0.0","@ephox/agar@8.0.0-alpha.0","@ephox/agar@8.0.1","@ephox/agar@9.0.0","@ephox/alloy@10.0.0","@ephox/alloy@10.0.0-alpha.0","@ephox/alloy@10.0.0-alpha.1","@ephox/alloy@10.0.0-alpha.2","@ephox/alloy@10.0.0-alpha.3","@ephox/alloy@10.0.0-alpha.4","@ephox/alloy@10.0.0-alpha.5","@ephox/alloy@10.0.0-alpha.6","@ephox/alloy@10.0.1","@ephox/alloy@10.1.0","@ephox/alloy@10.1.0-alpha.1","@ephox/alloy@10.1.0-alpha.2","@ephox/alloy@10.1.1","@ephox/alloy@11.0.0","@ephox/alloy@11.0.1","@ephox/alloy@12.0.0","@ephox/alloy@12.0.1","@ephox/alloy@12.1.0","@ephox/alloy@12.1.1","@ephox/alloy@12.1.2","@ephox/alloy@12.2.0","@ephox/alloy@12.2.0-alpha.0","@ephox/alloy@12.2.1","@ephox/alloy@12.2.2","@ephox/alloy@13.0.0","@ephox/alloy@13.0.1","@ephox/alloy@13.1.0","@ephox/alloy@13.1.0-alpha.0","@ephox/alloy@13.1.1","@ephox/alloy@14.0.0","@ephox/alloy@14.0.0-alpha.0","@ephox/alloy@14.0.1","@ephox/alloy@14.0.2","@ephox/alloy@14.0.3","@ephox/alloy@15.0.0","@ephox/alloy@16.0.0","@ephox/alloy@7.0.0","@ephox/alloy@7.0.1","@ephox/alloy@7.0.2","@ephox/alloy@7.0.3","@ephox/alloy@7.0.4","@ephox/alloy@7.0.5","@ephox/alloy@7.0.6","@ephox/alloy@7.0.7","@ephox/alloy@8.0.0","@ephox/alloy@8.0.1","@ephox/alloy@8.1.0","@ephox/alloy@8.1.1","@ephox/alloy@8.1.2","@ephox/alloy@8.1.3","@ephox/alloy@8.2.0","@ephox/alloy@8.2.1","@ephox/alloy@8.2.2","@ephox/alloy@8.2.3","@ephox/alloy@8.2.4","@ephox/alloy@8.2.5","@ephox/alloy@9.0.0","@ephox/alloy@9.0.1","@ephox/alloy@9.0.2","@ephox/alloy@9.0.3","@ephox/alloy@9.0.4","@ephox/boss@3.1.4","@ephox/boss@3.1.5","@ephox/boss@3.1.6","@ephox/boss@3.1.7","@ephox/boss@3.1.8","@ephox/boss@3.1.9","@ephox/boss@4.0.0","@ephox/boss@4.0.1","@ephox/boss@4.0.2","@ephox/boss@4.0.3","@ephox/boss@4.1.0","@ephox/boss@4.1.1","@ephox/boss@4.1.2","@ephox/boss@4.1.3","@ephox/boss@4.2.0","@ephox/boss@4.2.1","@ephox/boss@5.0.0","@ephox/boss@5.0.1","@ephox/boss@5.0.2","@ephox/boss@5.0.3","@ephox/boss@5.0.4","@ephox/boss@6.0.0","@ephox/boss@6.0.0-alpha.0","@ephox/boss@6.0.0-alpha.1","@ephox/boss@6.0.0-alpha.2","@ephox/boss@6.0.0-alpha.3","@ephox/boss@6.0.0-alpha.4","@ephox/boss@6.0.0-alpha.5","@ephox/boss@6.0.0-alpha.6","@ephox/boss@6.0.1","@ephox/boss@6.0.2","@ephox/boss@6.0.2-alpha.1","@ephox/boss@6.0.3","@ephox/boss@6.0.4","@ephox/boss@6.0.5","@ephox/boss@6.0.6","@ephox/boss@6.0.7","@ephox/boss@6.0.8","@ephox/boss@6.0.9","@ephox/boss@6.1.0","@ephox/boss@6.1.1","@ephox/boss@7.0.0","@ephox/boss@8.0.0","@ephox/boulder@4.0.4","@ephox/boulder@4.0.5","@ephox/boulder@4.0.6","@ephox/boulder@4.0.7","@ephox/boulder@4.0.8","@ephox/boulder@5.0.0","@ephox/boulder@5.0.1","@ephox/boulder@5.0.2","@ephox/boulder@5.0.3","@ephox/boulder@5.0.4","@ephox/boulder@5.0.5","@ephox/boulder@5.0.6","@ephox/boulder@5.0.7","@ephox/boulder@6.0.0","@ephox/boulder@6.0.1","@ephox/boulder@6.0.2","@ephox/boulder@6.0.3","@ephox/boulder@7.0.0","@ephox/boulder@7.0.0-alpha.0","@ephox/boulder@7.0.0-alpha.1","@ephox/boulder@7.0.0-alpha.2","@ephox/boulder@7.0.0-alpha.3","@ephox/boulder@7.0.0-alpha.4","@ephox/boulder@7.0.1","@ephox/boulder@7.0.2","@ephox/boulder@7.0.2-alpha.1","@ephox/boulder@7.0.3","@ephox/boulder@7.1.0","@ephox/boulder@7.1.1","@ephox/boulder@7.1.2","@ephox/boulder@7.1.3","@ephox/boulder@7.1.4","@ephox/boulder@7.1.5","@ephox/boulder@7.1.6","@ephox/boulder@8.0.0","@ephox/boulder@9.0.0","@ephox/bridge@1.2.0","@ephox/bridge@1.2.1","@ephox/bridge@1.2.2","@ephox/bridge@1.2.3","@ephox/bridge@1.2.4","@ephox/bridge@2.0.0","@ephox/bridge@2.0.1","@ephox/bridge@2.1.0","@ephox/bridge@2.1.1","@ephox/bridge@2.1.2","@ephox/bridge@2.1.3","@ephox/bridge@2.2.0","@ephox/bridge@2.2.1","@ephox/bridge@2.2.2","@ephox/bridge@3.0.0","@ephox/bridge@3.0.1","@ephox/bridge@3.0.2","@ephox/bridge@3.0.3","@ephox/bridge@3.0.4","@ephox/bridge@4.0.0","@ephox/bridge@4.0.0-alpha.0","@ephox/bridge@4.0.0-alpha.1","@ephox/bridge@4.0.0-alpha.2","@ephox/bridge@4.0.0-alpha.3","@ephox/bridge@4.0.0-alpha.4","@ephox/bridge@4.0.0-alpha.5","@ephox/bridge@4.0.1","@ephox/bridge@4.0.2","@ephox/bridge@4.0.3","@ephox/bridge@4.0.3-alpha.1","@ephox/bridge@4.0.4","@ephox/bridge@4.1.0","@ephox/bridge@4.1.1","@ephox/bridge@4.2.0","@ephox/bridge@4.2.1","@ephox/bridge@4.3.0","@ephox/bridge@4.3.1","@ephox/bridge@4.4.0","@ephox/bridge@4.4.0-alpha.0","@ephox/bridge@4.4.1","@ephox/bridge@4.5.0","@ephox/bridge@4.5.1","@ephox/bridge@4.6.0","@ephox/bridge@4.6.0-alpha.0","@ephox/bridge@4.7.0","@ephox/bridge@4.7.1","@ephox/bridge@5.0.0","@ephox/bridge@6.0.0","@ephox/darwin@10.0.0","@ephox/darwin@4.0.15","@ephox/darwin@4.0.16","@ephox/darwin@4.0.17","@ephox/darwin@4.0.18","@ephox/darwin@4.0.19","@ephox/darwin@4.0.20","@ephox/darwin@5.0.0","@ephox/darwin@5.0.1","@ephox/darwin@5.0.2","@ephox/darwin@5.0.3","@ephox/darwin@5.0.4","@ephox/darwin@5.0.5","@ephox/darwin@6.0.0","@ephox/darwin@6.0.1","@ephox/darwin@6.0.2","@ephox/darwin@6.0.3","@ephox/darwin@6.0.4","@ephox/darwin@6.0.5","@ephox/darwin@6.0.6","@ephox/darwin@6.0.7","@ephox/darwin@7.0.0","@ephox/darwin@7.0.1","@ephox/darwin@7.0.2","@ephox/darwin@7.0.3","@ephox/darwin@7.0.4","@ephox/darwin@7.0.5","@ephox/darwin@8.0.0","@ephox/darwin@8.0.0-alpha.0","@ephox/darwin@8.0.0-alpha.1","@ephox/darwin@8.0.0-alpha.2","@ephox/darwin@8.0.0-alpha.3","@ephox/darwin@8.0.0-alpha.4","@ephox/darwin@8.0.0-alpha.5","@ephox/darwin@8.0.0-alpha.6","@ephox/darwin@8.0.0-alpha.7","@ephox/darwin@8.0.1","@ephox/darwin@8.0.10","@ephox/darwin@8.0.11","@ephox/darwin@8.0.12","@ephox/darwin@8.0.2","@ephox/darwin@8.0.3","@ephox/darwin@8.0.3-alpha.1","@ephox/darwin@8.0.4","@ephox/darwin@8.0.5","@ephox/darwin@8.0.6","@ephox/darwin@8.0.7","@ephox/darwin@8.0.8","@ephox/darwin@8.0.9","@ephox/darwin@8.1.0","@ephox/darwin@8.1.0-alpha.0","@ephox/darwin@8.2.0","@ephox/darwin@8.2.1","@ephox/darwin@9.0.0","@ephox/dragster@4.0.47","@ephox/dragster@4.0.48","@ephox/dragster@4.0.49","@ephox/dragster@4.0.50","@ephox/dragster@4.0.51","@ephox/dragster@4.0.52","@ephox/dragster@5.0.0","@ephox/dragster@5.0.1","@ephox/dragster@5.0.2","@ephox/dragster@5.0.3","@ephox/dragster@5.0.4","@ephox/dragster@5.0.5","@ephox/dragster@5.0.6","@ephox/dragster@5.0.7","@ephox/dragster@5.0.8","@ephox/dragster@6.0.0","@ephox/dragster@6.0.1","@ephox/dragster@6.0.2","@ephox/dragster@6.0.3","@ephox/dragster@6.0.4","@ephox/dragster@7.0.0","@ephox/dragster@7.0.0-alpha.0","@ephox/dragster@7.0.0-alpha.1","@ephox/dragster@7.0.0-alpha.2","@ephox/dragster@7.0.0-alpha.3","@ephox/dragster@7.0.0-alpha.4","@ephox/dragster@7.0.0-alpha.5","@ephox/dragster@7.0.0-alpha.6","@ephox/dragster@7.0.1","@ephox/dragster@7.0.2","@ephox/dragster@7.0.2-alpha.1","@ephox/dragster@7.0.3","@ephox/dragster@7.0.4","@ephox/dragster@7.0.5","@ephox/dragster@7.0.6","@ephox/dragster@7.0.7","@ephox/dragster@7.1.0","@ephox/dragster@7.1.1","@ephox/dragster@7.2.0","@ephox/dragster@7.2.1","@ephox/dragster@7.3.0","@ephox/dragster@7.3.1","@ephox/dragster@8.0.0","@ephox/dragster@9.0.0","@ephox/imagetools@3.3.0","@ephox/imagetools@3.3.1","@ephox/imagetools@3.3.2","@ephox/imagetools@3.3.3","@ephox/imagetools@4.0.0","@ephox/imagetools@4.0.1","@ephox/imagetools@4.0.2","@ephox/imagetools@4.0.3","@ephox/imagetools@4.0.4","@ephox/imagetools@4.0.5","@ephox/imagetools@4.0.6","@ephox/imagetools@4.0.7","@ephox/imagetools@5.0.0","@ephox/imagetools@5.0.1","@ephox/imagetools@5.1.0","@ephox/imagetools@5.1.1","@ephox/imagetools@6.0.0-alpha.0","@ephox/imagetools@6.0.0-alpha.1","@ephox/jax@4.1.32","@ephox/jax@4.1.33","@ephox/jax@4.1.34","@ephox/jax@4.1.35","@ephox/jax@4.1.36","@ephox/jax@5.0.0","@ephox/jax@5.0.1","@ephox/jax@5.0.2","@ephox/jax@5.0.3","@ephox/jax@5.0.4","@ephox/jax@5.0.5","@ephox/jax@5.0.6","@ephox/jax@5.0.7","@ephox/jax@6.0.0","@ephox/jax@6.0.1","@ephox/jax@6.0.2","@ephox/jax@6.0.3","@ephox/jax@7.0.0","@ephox/jax@7.0.0-alpha.0","@ephox/jax@7.0.0-alpha.1","@ephox/jax@7.0.0-alpha.2","@ephox/jax@7.0.0-alpha.3","@ephox/jax@7.0.0-alpha.4","@ephox/jax@7.0.1","@ephox/jax@7.0.10","@ephox/jax@7.0.2","@ephox/jax@7.0.2-alpha.1","@ephox/jax@7.0.3","@ephox/jax@7.0.4","@ephox/jax@7.0.5","@ephox/jax@7.0.6","@ephox/jax@7.0.7","@ephox/jax@7.0.8","@ephox/jax@7.0.9","@ephox/jax@8.0.0","@ephox/jax@9.0.0","@ephox/katamari-assertions@1.0.5","@ephox/katamari-assertions@1.0.6","@ephox/katamari-assertions@1.0.7","@ephox/katamari-assertions@1.0.8","@ephox/katamari-assertions@1.0.9","@ephox/katamari-assertions@2.0.0","@ephox/katamari-assertions@2.0.1","@ephox/katamari-assertions@2.0.2","@ephox/katamari-assertions@2.0.3","@ephox/katamari-assertions@2.0.4","@ephox/katamari-assertions@2.0.5","@ephox/katamari-assertions@2.0.6","@ephox/katamari-assertions@2.0.7","@ephox/katamari-assertions@3.0.0","@ephox/katamari-assertions@3.0.1","@ephox/katamari-assertions@3.0.2","@ephox/katamari-assertions@3.0.3","@ephox/katamari-assertions@4.0.0","@ephox/katamari-assertions@4.0.0-alpha.0","@ephox/katamari-assertions@4.0.0-alpha.1","@ephox/katamari-assertions@4.0.0-alpha.2","@ephox/katamari-assertions@4.0.0-alpha.3","@ephox/katamari-assertions@4.0.0-alpha.4","@ephox/katamari-assertions@4.0.1","@ephox/katamari-assertions@4.0.10","@ephox/katamari-assertions@4.0.2","@ephox/katamari-assertions@4.0.2-alpha.1","@ephox/katamari-assertions@4.0.3","@ephox/katamari-assertions@4.0.4","@ephox/katamari-assertions@4.0.5","@ephox/katamari-assertions@4.0.6","@ephox/katamari-assertions@4.0.7","@ephox/katamari-assertions@4.0.8","@ephox/katamari-assertions@4.0.9","@ephox/katamari-assertions@5.0.0","@ephox/katamari-assertions@6.0.0","@ephox/katamari@10.0.0","@ephox/katamari@11.0.0","@ephox/katamari@6.0.0","@ephox/katamari@6.0.1","@ephox/katamari@6.1.0","@ephox/katamari@6.1.1","@ephox/katamari@6.1.2","@ephox/katamari@7.0.0","@ephox/katamari@7.0.1","@ephox/katamari@7.1.0","@ephox/katamari@7.1.1","@ephox/katamari@7.1.2","@ephox/katamari@7.1.3","@ephox/katamari@7.2.0","@ephox/katamari@7.2.1","@ephox/katamari@8.0.0","@ephox/katamari@8.0.1","@ephox/katamari@8.1.0","@ephox/katamari@8.1.1","@ephox/katamari@9.0.0","@ephox/katamari@9.0.0-alpha.0","@ephox/katamari@9.0.0-alpha.1","@ephox/katamari@9.0.0-alpha.2","@ephox/katamari@9.0.0-alpha.3","@ephox/katamari@9.0.0-alpha.4","@ephox/katamari@9.0.1","@ephox/katamari@9.0.2","@ephox/katamari@9.0.2-alpha.1","@ephox/katamari@9.0.3","@ephox/katamari@9.1.0","@ephox/katamari@9.1.1","@ephox/katamari@9.1.2","@ephox/katamari@9.1.3","@ephox/katamari@9.1.4","@ephox/katamari@9.1.5","@ephox/katamari@9.1.6","@ephox/mcagar@10.0.0","@ephox/mcagar@11.0.0","@ephox/mcagar@4.1.5","@ephox/mcagar@4.1.6","@ephox/mcagar@4.2.0","@ephox/mcagar@4.2.1","@ephox/mcagar@4.2.2","@ephox/mcagar@4.2.3","@ephox/mcagar@4.2.4","@ephox/mcagar@5.0.0","@ephox/mcagar@5.0.1","@ephox/mcagar@5.1.0","@ephox/mcagar@5.1.1","@ephox/mcagar@6.0.0","@ephox/mcagar@6.0.1","@ephox/mcagar@6.1.0","@ephox/mcagar@6.1.1","@ephox/mcagar@6.1.2","@ephox/mcagar@6.1.3","@ephox/mcagar@6.1.4","@ephox/mcagar@6.1.5","@ephox/mcagar@7.0.0","@ephox/mcagar@7.0.1","@ephox/mcagar@7.0.2","@ephox/mcagar@7.0.3","@ephox/mcagar@7.0.4","@ephox/mcagar@7.0.5","@ephox/mcagar@8.0.0","@ephox/mcagar@8.0.0-alpha.0","@ephox/mcagar@8.0.0-alpha.1","@ephox/mcagar@8.0.0-alpha.2","@ephox/mcagar@8.0.0-alpha.3","@ephox/mcagar@8.0.0-alpha.4","@ephox/mcagar@8.0.0-alpha.5","@ephox/mcagar@8.0.0-alpha.6","@ephox/mcagar@8.0.0-alpha.7","@ephox/mcagar@8.0.1","@ephox/mcagar@8.0.2","@ephox/mcagar@8.0.2-alpha.1","@ephox/mcagar@8.0.3","@ephox/mcagar@8.1.0","@ephox/mcagar@8.1.1","@ephox/mcagar@8.2.0","@ephox/mcagar@8.2.1","@ephox/mcagar@8.3.0","@ephox/mcagar@8.3.1","@ephox/mcagar@8.3.2","@ephox/mcagar@8.4.0","@ephox/mcagar@8.4.0-alpha.0","@ephox/mcagar@8.4.1","@ephox/mcagar@8.4.2","@ephox/mcagar@9.0.0","@ephox/mcagar@9.0.0-alpha.0","@ephox/mcagar@9.0.1","@ephox/phoenix@10.0.0","@ephox/phoenix@5.1.10","@ephox/phoenix@5.1.5","@ephox/phoenix@5.1.6","@ephox/phoenix@5.1.7","@ephox/phoenix@5.1.8","@ephox/phoenix@5.1.9","@ephox/phoenix@6.0.0","@ephox/phoenix@6.0.1","@ephox/phoenix@6.0.10","@ephox/phoenix@6.0.2","@ephox/phoenix@6.0.3","@ephox/phoenix@6.0.4","@ephox/phoenix@6.0.5","@ephox/phoenix@6.0.6","@ephox/phoenix@6.0.7","@ephox/phoenix@6.0.8","@ephox/phoenix@6.0.9","@ephox/phoenix@7.0.0","@ephox/phoenix@7.0.1","@ephox/phoenix@7.0.2","@ephox/phoenix@7.0.3","@ephox/phoenix@7.0.4","@ephox/phoenix@8.0.0","@ephox/phoenix@8.0.0-alpha.0","@ephox/phoenix@8.0.0-alpha.1","@ephox/phoenix@8.0.0-alpha.2","@ephox/phoenix@8.0.0-alpha.3","@ephox/phoenix@8.0.0-alpha.4","@ephox/phoenix@8.0.0-alpha.5","@ephox/phoenix@8.0.0-alpha.6","@ephox/phoenix@8.0.1","@ephox/phoenix@8.0.2","@ephox/phoenix@8.0.2-alpha.1","@ephox/phoenix@8.0.3","@ephox/phoenix@8.0.4","@ephox/phoenix@8.0.5","@ephox/phoenix@8.0.6","@ephox/phoenix@8.0.7","@ephox/phoenix@8.0.8","@ephox/phoenix@8.0.9","@ephox/phoenix@8.1.0-alpha.0","@ephox/phoenix@8.2.0","@ephox/phoenix@8.2.0-alpha.0","@ephox/phoenix@8.2.1","@ephox/phoenix@8.3.0","@ephox/phoenix@8.3.0-alpha.0","@ephox/phoenix@8.4.0","@ephox/phoenix@8.4.1","@ephox/phoenix@9.0.0","@ephox/polaris@3.0.49","@ephox/polaris@3.0.50","@ephox/polaris@3.0.51","@ephox/polaris@3.0.52","@ephox/polaris@3.0.53","@ephox/polaris@4.0.0","@ephox/polaris@4.0.1","@ephox/polaris@4.0.2","@ephox/polaris@4.0.3","@ephox/polaris@4.0.4","@ephox/polaris@4.0.5","@ephox/polaris@4.0.6","@ephox/polaris@4.0.7","@ephox/polaris@4.0.8","@ephox/polaris@5.0.0","@ephox/polaris@5.0.1","@ephox/polaris@5.0.2","@ephox/polaris@5.0.3","@ephox/polaris@5.0.4","@ephox/polaris@6.0.0","@ephox/polaris@6.0.0-alpha.0","@ephox/polaris@6.0.0-alpha.1","@ephox/polaris@6.0.0-alpha.2","@ephox/polaris@6.0.0-alpha.3","@ephox/polaris@6.0.0-alpha.4","@ephox/polaris@6.0.1","@ephox/polaris@6.0.2","@ephox/polaris@6.0.2-alpha.1","@ephox/polaris@6.0.3","@ephox/polaris@6.0.4","@ephox/polaris@6.0.5","@ephox/polaris@6.0.6","@ephox/polaris@6.0.7","@ephox/polaris@6.0.8","@ephox/polaris@6.0.9","@ephox/polaris@6.1.0-alpha.0","@ephox/polaris@6.2.0","@ephox/polaris@6.2.0-alpha.0","@ephox/polaris@6.2.1","@ephox/polaris@6.3.0","@ephox/polaris@6.3.0-alpha.0","@ephox/polaris@6.3.1","@ephox/polaris@7.0.0","@ephox/polaris@8.0.0","@ephox/porkbun@4.0.34","@ephox/porkbun@4.0.35","@ephox/porkbun@4.0.36","@ephox/porkbun@4.0.37","@ephox/porkbun@4.0.38","@ephox/porkbun@5.0.0","@ephox/porkbun@5.0.1","@ephox/porkbun@5.0.2","@ephox/porkbun@5.0.3","@ephox/porkbun@5.0.4","@ephox/porkbun@5.0.5","@ephox/porkbun@5.0.6","@ephox/porkbun@5.0.7","@ephox/porkbun@6.0.0","@ephox/porkbun@6.0.1","@ephox/porkbun@6.0.2","@ephox/porkbun@6.0.3","@ephox/porkbun@7.0.0","@ephox/porkbun@7.0.0-alpha.0","@ephox/porkbun@7.0.0-alpha.1","@ephox/porkbun@7.0.0-alpha.2","@ephox/porkbun@7.0.0-alpha.3","@ephox/porkbun@7.0.0-alpha.4","@ephox/porkbun@7.0.1","@ephox/porkbun@7.0.10","@ephox/porkbun@7.0.2","@ephox/porkbun@7.0.2-alpha.1","@ephox/porkbun@7.0.3","@ephox/porkbun@7.0.4","@ephox/porkbun@7.0.5","@ephox/porkbun@7.0.6","@ephox/porkbun@7.0.7","@ephox/porkbun@7.0.8","@ephox/porkbun@7.0.9","@ephox/porkbun@8.0.0","@ephox/porkbun@9.0.0","@ephox/robin@10.0.0","@ephox/robin@10.0.0-alpha.0","@ephox/robin@10.0.0-alpha.1","@ephox/robin@10.0.0-alpha.2","@ephox/robin@10.0.0-alpha.3","@ephox/robin@10.0.0-alpha.4","@ephox/robin@10.0.0-alpha.5","@ephox/robin@10.0.0-alpha.6","@ephox/robin@10.0.1","@ephox/robin@10.0.2","@ephox/robin@10.0.2-alpha.1","@ephox/robin@10.0.3","@ephox/robin@10.0.4","@ephox/robin@10.0.5","@ephox/robin@10.0.6","@ephox/robin@10.0.7","@ephox/robin@10.0.8","@ephox/robin@10.0.9","@ephox/robin@10.1.0-alpha.0","@ephox/robin@10.2.0","@ephox/robin@10.2.0-alpha.0","@ephox/robin@10.2.1","@ephox/robin@10.3.0","@ephox/robin@10.3.0-alpha.0","@ephox/robin@10.4.0","@ephox/robin@10.4.1","@ephox/robin@11.0.0","@ephox/robin@12.0.0","@ephox/robin@7.0.52","@ephox/robin@7.0.53","@ephox/robin@7.0.54","@ephox/robin@7.0.55","@ephox/robin@7.0.56","@ephox/robin@7.0.57","@ephox/robin@8.0.0","@ephox/robin@8.0.1","@ephox/robin@8.0.2","@ephox/robin@8.0.3","@ephox/robin@8.0.4","@ephox/robin@8.0.5","@ephox/robin@8.0.6","@ephox/robin@8.0.7","@ephox/robin@8.0.8","@ephox/robin@8.0.9","@ephox/robin@8.1.0","@ephox/robin@8.1.1","@ephox/robin@9.0.0","@ephox/robin@9.0.1","@ephox/robin@9.0.2","@ephox/robin@9.0.3","@ephox/robin@9.0.4","@ephox/sand@3.1.10","@ephox/sand@3.1.11","@ephox/sand@3.1.7","@ephox/sand@3.1.8","@ephox/sand@3.1.9","@ephox/sand@4.0.0","@ephox/sand@4.0.1","@ephox/sand@4.0.2","@ephox/sand@4.0.3","@ephox/sand@4.0.4","@ephox/sand@4.0.5","@ephox/sand@4.0.6","@ephox/sand@4.0.7","@ephox/sand@4.0.8","@ephox/sand@5.0.0","@ephox/sand@5.0.1","@ephox/sand@5.0.2","@ephox/sand@5.0.3","@ephox/sand@6.0.0","@ephox/sand@6.0.0-alpha.0","@ephox/sand@6.0.0-alpha.1","@ephox/sand@6.0.0-alpha.2","@ephox/sand@6.0.0-alpha.3","@ephox/sand@6.0.0-alpha.4","@ephox/sand@6.0.0-alpha.5","@ephox/sand@6.0.1","@ephox/sand@6.0.10","@ephox/sand@6.0.2","@ephox/sand@6.0.2-alpha.1","@ephox/sand@6.0.3","@ephox/sand@6.0.4","@ephox/sand@6.0.5","@ephox/sand@6.0.6","@ephox/sand@6.0.7","@ephox/sand@6.0.8","@ephox/sand@6.0.9","@ephox/sand@7.0.0","@ephox/sand@8.0.0","@ephox/snooker@10.0.0","@ephox/snooker@10.0.1","@ephox/snooker@10.0.2","@ephox/snooker@11.0.0","@ephox/snooker@11.0.0-alpha.0","@ephox/snooker@11.0.0-alpha.1","@ephox/snooker@11.0.0-alpha.2","@ephox/snooker@11.0.0-alpha.3","@ephox/snooker@11.0.0-alpha.4","@ephox/snooker@11.0.0-alpha.5","@ephox/snooker@11.0.0-alpha.6","@ephox/snooker@11.0.0-alpha.7","@ephox/snooker@11.0.1","@ephox/snooker@11.0.10","@ephox/snooker@11.0.11","@ephox/snooker@11.0.12","@ephox/snooker@11.0.2","@ephox/snooker@11.0.3","@ephox/snooker@11.0.3-alpha.1","@ephox/snooker@11.0.4","@ephox/snooker@11.0.5","@ephox/snooker@11.0.6","@ephox/snooker@11.0.7","@ephox/snooker@11.0.8","@ephox/snooker@11.0.9","@ephox/snooker@11.1.0","@ephox/snooker@11.1.0-alpha.0","@ephox/snooker@11.2.0","@ephox/snooker@11.2.1","@ephox/snooker@12.0.0","@ephox/snooker@13.0.0","@ephox/snooker@5.1.13","@ephox/snooker@5.1.14","@ephox/snooker@6.0.0","@ephox/snooker@6.0.1","@ephox/snooker@6.0.2","@ephox/snooker@6.0.3","@ephox/snooker@7.0.0","@ephox/snooker@7.0.1","@ephox/snooker@7.0.2","@ephox/snooker@7.1.0","@ephox/snooker@7.1.1","@ephox/snooker@7.1.2","@ephox/snooker@8.0.0","@ephox/snooker@8.0.1","@ephox/snooker@8.0.2","@ephox/snooker@8.0.3","@ephox/snooker@8.0.4","@ephox/snooker@8.0.5","@ephox/snooker@8.0.6","@ephox/snooker@8.0.7","@ephox/snooker@9.0.0","@ephox/snooker@9.0.1","@ephox/sugar@10.0.0","@ephox/sugar@11.0.0","@ephox/sugar@6.0.0","@ephox/sugar@6.0.1","@ephox/sugar@6.1.0","@ephox/sugar@6.1.1","@ephox/sugar@6.1.2","@ephox/sugar@6.1.3","@ephox/sugar@7.0.0","@ephox/sugar@7.0.1","@ephox/sugar@7.0.2","@ephox/sugar@7.0.3","@ephox/sugar@7.1.0","@ephox/sugar@7.1.1","@ephox/sugar@7.1.2","@ephox/sugar@7.1.3","@ephox/sugar@7.1.4","@ephox/sugar@8.0.0","@ephox/sugar@8.0.1","@ephox/sugar@8.1.0","@ephox/sugar@8.1.1","@ephox/sugar@8.1.2","@ephox/sugar@9.0.0","@ephox/sugar@9.0.0-alpha.0","@ephox/sugar@9.0.0-alpha.1","@ephox/sugar@9.0.0-alpha.2","@ephox/sugar@9.0.0-alpha.3","@ephox/sugar@9.0.0-alpha.4","@ephox/sugar@9.0.0-alpha.5","@ephox/sugar@9.0.0-alpha.6","@ephox/sugar@9.0.1","@ephox/sugar@9.0.2","@ephox/sugar@9.0.2-alpha.1","@ephox/sugar@9.0.3","@ephox/sugar@9.1.0","@ephox/sugar@9.1.1","@ephox/sugar@9.1.2","@ephox/sugar@9.1.3","@ephox/sugar@9.2.0","@ephox/sugar@9.2.1","@ephox/sugar@9.3.0","@ephox/sugar@9.3.1","@tinymce/oxide-icons-default@1.3.2","@tinymce/oxide-icons-default@1.3.3","@tinymce/oxide-icons-default@1.4.0","@tinymce/oxide-icons-default@1.4.1","@tinymce/oxide-icons-default@1.5.0","@tinymce/oxide-icons-default@1.5.1","@tinymce/oxide-icons-default@1.6.0","@tinymce/oxide-icons-default@1.6.1","@tinymce/oxide-icons-default@2.0.0","@tinymce/oxide-icons-default@2.0.0-alpha.1","@tinymce/oxide-icons-default@2.0.1","@tinymce/oxide-icons-default@2.0.2","@tinymce/oxide-icons-default@2.0.2-alpha.1","@tinymce/oxide-icons-default@2.0.3","@tinymce/oxide-icons-default@2.1.0","@tinymce/oxide-icons-default@2.1.1","@tinymce/oxide-icons-default@2.1.2","@tinymce/oxide-icons-default@2.1.3","@tinymce/oxide-icons-default@2.2.0","@tinymce/oxide-icons-default@2.2.1","@tinymce/oxide-icons-default@2.4.0","@tinymce/oxide-icons-default@2.4.1","@tinymce/oxide-icons-default@2.5.0","@tinymce/oxide-icons-default@2.5.1","@tinymce/oxide-icons-default@2.6.0","@tinymce/oxide-icons-default@2.6.0-alpha.0","@tinymce/oxide-icons-default@2.6.1","@tinymce/oxide-icons-default@3.0.0","@tinymce/oxide-icons-default@4.0.0","@tinymce/oxide@1.10.0","@tinymce/oxide@1.10.1","@tinymce/oxide@1.3.0","@tinymce/oxide@1.3.1","@tinymce/oxide@1.3.2","@tinymce/oxide@1.3.3","@tinymce/oxide@1.4.0","@tinymce/oxide@1.4.1","@tinymce/oxide@1.4.2","@tinymce/oxide@1.5.0","@tinymce/oxide@1.5.1","@tinymce/oxide@1.6.0","@tinymce/oxide@1.6.1","@tinymce/oxide@1.7.0","@tinymce/oxide@1.7.1","@tinymce/oxide@1.8.0","@tinymce/oxide@1.8.1","@tinymce/oxide@1.9.0","@tinymce/oxide@1.9.1","@tinymce/oxide@2.0.0","@tinymce/oxide@2.0.0-alpha.0","@tinymce/oxide@2.0.0-alpha.1","@tinymce/oxide@2.0.0-alpha.2","@tinymce/oxide@2.0.0-alpha.3","@tinymce/oxide@2.0.0-alpha.4","@tinymce/oxide@2.0.0-alpha.5","@tinymce/oxide@2.0.0-alpha.6","@tinymce/oxide@2.0.1","@tinymce/oxide@2.0.2","@tinymce/oxide@2.0.3","@tinymce/oxide@2.0.4","@tinymce/oxide@2.0.5","@tinymce/oxide@2.0.6","@tinymce/oxide@2.0.7","@tinymce/oxide@2.0.8-alpha.1","@tinymce/oxide@2.1.0","@tinymce/oxide@2.1.0-alpha.2","@tinymce/oxide@2.1.1","@tinymce/oxide@2.2.0","@tinymce/oxide@2.2.1","@tinymce/oxide@2.3.0","@tinymce/oxide@2.3.1","@tinymce/oxide@2.4.0","@tinymce/oxide@2.4.1","@tinymce/oxide@2.4.2","@tinymce/oxide@2.4.3","@tinymce/oxide@2.4.4","@tinymce/oxide@2.4.5","@tinymce/oxide@2.5.0","@tinymce/oxide@2.5.0-alpha.0","@tinymce/oxide@2.5.1","@tinymce/oxide@2.6.0","@tinymce/oxide@2.6.1","@tinymce/oxide@2.6.2","@tinymce/oxide@2.7.0","@tinymce/oxide@2.7.0-alpha.0","@tinymce/oxide@2.8.0","@tinymce/oxide@2.8.1","@tinymce/oxide@2.8.2","@tinymce/oxide@3.0.0","@tinymce/oxide@4.0.0","tinymce@6.8.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38356.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}