Description

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.

Remediation

References

CVE-2020-17480

Related Vulnerabilities

Oracle Database Server CVE-2006-0261 Vulnerability (CVE-2006-0261)

Dolibarr Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-14240)

WordPress Plugin Ship To eCourier Cross-Site Request Forgery (1.0.1)

WordPress Plugin Jekyll Exporter Remote Code Execution (2.2.0)

Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2476)

Severity

Medium

Classification

CVE-2020-17480 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities