GMS-2021-8: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

November 2, 2021 (updated December 1, 2021)

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in django-tinymce.

References

github.com/advisories/GHSA-r8hm-w5f7-wj39
github.com/jazzband/django-tinymce/issues/366
github.com/jazzband/django-tinymce/releases/tag/3.4.0
github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39
pypi.org/project/django-tinymce/3.4.0/

Code Behaviors & Features

Detect and mitigate GMS-2021-8 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →