Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
TinyMCE Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-17480 - Vulnerability Database
TinyMCE

TinyMCE Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-17480

Medium
Reference: CVE-2020-17480
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-17480
Title: TinyMCE Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser the paste plugin and the visualchars plugin by using the clipboard or APIs to insert content into the editor.