TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-17480)

Description

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.

Remediation

References

CVE-2020-17480

Related Vulnerabilities

Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-43622)

Oracle HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43818)

MySQL CVE-2014-0430 Vulnerability (CVE-2014-0430)

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6433)

WordPress Plugin Debug Log Manager Cross-Site Request Forgery (2.2.1)

Severity

Medium

Classification

CVE-2020-17480 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N