ContextQMD
Back to Tinymce

8.5.1

.changes/tinymce/8.5.1.md

8.6.0307 B
Original Source

8.5.1 - 2026-05-19

Security

  • Fixed media plugin data-mce-object injection leading to stored XSS. #TINY-14357
  • Fixed stored XSS vulnerability through mce:protected comments. #TINY-14353
  • Fixed stored XSS vulnerability through data-mce- prefixed src, href, style attributes. #TINY-14333