Description

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.

Remediation

References

CVE-2020-17480

Related Vulnerabilities

WordPress Plugin Theme Blvd Shortcodes Multiple Security Bypass Vulnerabilities (1.5.2)

Apache Tomcat Other Vulnerability (CVE-2000-0760)

SharePoint CVE-2023-38177 Vulnerability (CVE-2023-38177)

WordPress Plugin PowerPack for Beaver Builder Privilege Escalation (2.33.0)

Oracle Database Server CVE-2012-3151 Vulnerability (CVE-2012-3151)

Severity

Medium

Classification

CVE-2020-17480 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities