XSS in TinaCMS
CVE-2026-55661
Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- TinaCMS — versions < 3.9.3
- TinaCMS @tinacms/mdx — versions < 2.1.7
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_CONFIRM)