Moderate severityNVD Advisory· Published Aug 14, 2020· Updated Aug 4, 2024
CVE-2020-12648
CVE-2020-12648
Description
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tinymcenpm | < 4.9.11 | 4.9.11 |
tinymcenpm | >= 5.0.0, < 5.4.1 | 5.4.1 |
Affected products
2- TinyMCE/TinyMCEdescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-vrv8-v4w8-f95hghsaADVISORY
- github.com/tinymce/tinymce/commit/2b71c922214d388838d930806207a66c14e80f63ghsaWEB
- github.com/tinymce/tinymce/commit/696e43658dc9750ec24fdc4650bd2be9653daf5bghsaWEB
- github.com/tinymce/tinymce/pull/5843ghsaWEB
- github.com/tinymce/tinymce/security/advisories/GHSA-vrv8-v4w8-f95hghsaWEB
- labs.bishopfox.com/advisories/tinymce-version-5.2.1mitrex_refsource_MISC
- www.tiny.cloud/docs/release-notes/release-notes54/ghsaWEB
News mentions
0No linked articles in our index yet.