
Cloud Vulnerability DB
A community-led vulnerabilities database
A stored XSS vulnerability (GHSA-9j5w-2cqc-cwj9) was discovered in the TinyMCE WYSIWYG editor bundled with OpenMage, affecting versions prior to 20.2.0. It was reported through HackerOne by security researcher Halit AKAYDIN. The affected TinyMCE component failed to properly filter scripts when rendering specially crafted HTML tags (GitHub Advisory).
The vulnerability is rated High severity with a CVSS score of 7.5. The attack abuses the 'onmouseover' attribute of img elements, allowing script execution through specially crafted HTML tags. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L, indicating a network attack vector, low attack complexity, high privileges required, and user interaction required (GitHub Advisory).
The vulnerability enables stored XSS attacks, with High impact on data confidentiality and Low impact on data integrity and system availability. The scope is Changed, meaning the vulnerable component can affect resources beyond its own security scope (GitHub Advisory).
The vulnerability is patched in OpenMage version 20.2.0, which upgrades TinyMCE to version 6.7.1. Users who cannot upgrade immediately can, as temporary workarounds, disable the WYSIWYG editor features in the configuration or deploy WAF appliances to filter potential attacks (OpenMage Release).
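The root cause above is an editor that did not filter scripts out of the HTML it rendered, and the workarounds are all ways of keeping untrusted markup away from the browser. The server-side counterpart of that defence is an allowlist sanitizer applied to editor content before it is stored or rendered. The following is an added example, not OpenMage's or TinyMCE's own code: it keeps only known-safe tags and attributes, drops every event-handler attribute (including the onmouseover attribute the advisory names), rejects non-http(s) URLs in href and src, and records what it removed so the application can log and alert on it. The sample input is constructed for the demonstration.

```python
"""Allowlist HTML sanitizer for editor output. Added example, not OpenMage's
or TinyMCE's own code: the server-side half of the defence, which never
trusts markup produced by a browser-side editor."""
import html
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "img", "ul", "ol", "li", "br"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "width", "height"}}
VOID_TAGS = {"img", "br"}
DROP_CONTENT = {"script", "style"}        # tag and its body are both discarded
SAFE_URL_PREFIXES = ("http://", "https://", "/")


def safe_url(value: str) -> bool:
    """Accept only http(s) and site-relative URLs. Whitespace and control
    characters are removed first because browsers skip them in a scheme."""
    v = "".join(ch for ch in value.lower() if ch.isprintable() and not ch.isspace())
    return v.startswith(SAFE_URL_PREFIXES)


class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped = []      # (tag, attribute) pairs removed; log these for detection
        self._skipping = 0     # >0 while inside <script>/<style>

    def _emit_tag(self, tag, attrs, selfclose):
        if tag not in ALLOWED_TAGS:
            self.dropped.append((tag, None))
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            # Every on* attribute (onmouseover, onerror, ...) is an event handler.
            if name.startswith("on") or name not in ALLOWED_ATTRS.get(tag, set()):
                self.dropped.append((tag, name))
                continue
            if name in ("href", "src") and not safe_url(value):
                self.dropped.append((tag, name))
                continue
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}{' /' if selfclose else ''}>")

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self._skipping += 1
        self._emit_tag(tag, attrs, tag in VOID_TAGS)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, attrs, True)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self._skipping = max(0, self._skipping - 1)
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skipping:
            self.out.append(html.escape(data, quote=False))


def sanitize(fragment: str):
    """Return (clean_html, dropped) for an untrusted HTML fragment."""
    p = Sanitizer()
    p.feed(fragment)
    p.close()
    return "".join(p.out), p.dropped


# Constructed sample in the shape the advisory describes: an img tag carrying
# an onmouseover handler, as stored editor content would.
SAMPLE = '<p>Hello <img src="/media/x.png" alt="pic" onmouseover="alert(1)"></p>'

if __name__ == "__main__":
    clean, dropped = sanitize(SAMPLE)
    print(clean)
    print("dropped:", dropped)
```

The `dropped` list is the detection hook: a non-empty list for content submitted through the editor means someone sent markup the editor should never produce, which is worth logging with the submitting account. Allowlisting (rather than blocklisting known-bad attributes) is what makes the filter hold up against attribute names and URL schemes nobody anticipated.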
The fix was part of a major update to OpenMage's core components, in which the TinyMCE editor was upgraded from version 3 to version 6.7.1. The community received the security update positively, recognizing it as a significant improvement to the platform's security posture (OpenMage Release).
Source: This report was generated using AI