Retire.js
tinyMCE 4.5.2 Found in -https://www.virustotal.com/ui-public/elements/lazy-resources.html
Vulnerability info:
Medium FIXED so links with xlink:href attributes are filtered correctly to prevent XSS.

Detected results on URL: -https://www.virustotal.com/ui-public/elements/lazy-resources.html
Number of sources found: 392 and number of sinks found: 137

See SNYK on: https://snyk.io/vuln/npm:tinymce
DOM-based XSS is an that occurs purely in the browser when client-side JavaScript echoes back a portion of the URL onto the page. DOM-Based XSS is notoriously hard to detect, as the server never gets a chance to see the attack taking place.

See scripts loaded: https://retire.insecurity.today/#!/scan/94614e6c0fcdb877d4255cae1fcc7cb700f8ae19d248267ac797519d3a44fc9e

polonus