by P4rkJW
I found and reported cross-site scripting (XSS) vulnerabilities in TinyMCE version 5.10.6, and was issued CVE-2022-23494.
I'm diagnosing vulnerabilities in my company. We accidentally diagnosed a service using TinyMCE 5.10.6, and we found a vulnerability here because commercial software also has a vulnerability threat.
When a security professional diagnoses vulnerabilities, commercial software is often less likely to be diagnosed. However, I believe that our service of purchasing and using commercial software must be diagnosed.
I will write in detail about the vulnerabilities in the URL below. Tiny InfoSec has been granted disclosure rights and vulnerabilities were already patched 6 months ago.
You can find the post about this at the link below. Currently creating