Medium severity6.1NVD Advisory· Published Feb 12, 2017· Updated May 13, 2026

CVE-2017-5961

Description

An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Affected products

Ionizecms/Ionize
cpe:2.3:a:ionizecms:ionize:*:*:*:*:*:*:*:*
Range: <=1.0.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/ionize/ionize/issues/393nvdExploitPatchVendor Advisory
www.securityfocus.com/bid/96196nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000