tinymce@6.7.2 vulnerabilities

Web based JavaScript HTML WYSIWYG editor control.

Known vulnerabilities in the tinymce package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Cross-Site Scripting (XSS) tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-Site Scripting (XSS) via `iframe` elements inserted into the editor. Attacks are limited by same-origin browser protections, but downloading files is still possible. How to fix Cross-Site Scripting (XSS)? Upgrade `tinymce` to version 7.0.0 or higher.	<7.0.0
M Cross-site Scripting (XSS) tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when loading SVG files via `object` or `embed` elements. How to fix Cross-site Scripting (XSS)? Upgrade `tinymce` to version 7.0.0 or higher.	<7.0.0
M Cross-site Scripting (XSS) tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via mutation of inner HTML. An attacker can inject malicious scripts that pass the initial sanitization layer when the content is parsed into the editor body, but can trigger XSS when the special internal marker is removed from the content and re-parsed. Text nodes in some parents are not sufficiently escaped upon serialization and can contain a special character reserved as an internal marker. How to fix Cross-site Scripting (XSS)? Upgrade `tinymce` to version 5.10.9, 6.7.3 or higher.	<5.10.9 >=6.0.0 <6.7.3