Description

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.

Remediation

References

CVE-2020-17480

Related Vulnerabilities

Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-1999-0349)

WordPress Plugin The Plus Addons for Elementor Cross-Site Scripting (4.1.11)

WordPress Plugin SMTP Mailer Cross-Site Request Forgery (1.0.6)

WordPress Plugin Post Grid, List for WordPress-Content Views Cross-Site Scripting (1.6.1)

WordPress Plugin RSVPMaker for Toastmasters Cross-Site Request Forgery (3.3.4)

Severity

Medium

Classification

CVE-2020-17480 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities