tinyMCE XSS vulnerability and angular-ui-tinymce


I'm using AngularJS and angular-ui-tinymce 0.0.9 version. Lately, an XSS CVE (CVE-2023-45818) was discovered in tinyMCE and it was recommended to upgrade it to <5.10.8 >=6.0.0 <6.7.1.

The angular-ui-tinymce version seems to be supporting tinyMCE 4.x version (even the latest). Is there a way to integrate AngularJS 5.x version of tinyMCE?

OR, disabling the "undo" and "redo" functionality in the app, which seems to be causing the CVE?

OR, another integration tool for AngularJS and tinyMCE?

Thanks.

  • I tried downloading locally the tinymce.js of angular-ui-tinymce and downloading the tinyMCE 5.10.8 version, but they can't work together.

  • Tried upgrading the angular-ui-tinymce version to the latest (0.0.19), but it still only supports 4.x tinyMCE version.

  • Tried disabling the "undo" and "redo" options from the app, but by the tinyMCE site, it may not be enough (they mention there is no workaround).

  • Tried looking for another integration tool for AngularJS, and couldn't find one.
