Lucene search
AnonymousNODEJS:1680HistoryMay 06, 2021 - 5:30 p.m.
Cross-site scripting in TinyMCE
2021-05-0617:30:02
Anonymous
www.npmjs.com
21
0.001 Low
EPSS
Percentile
41.3%
Overview
tinymce before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
Recommendation
Upgrade to versions 4.9.7, 5.1.4 or later
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| tinymce | lt | 4.9.7 || >=5.0.0 <5.1.4 |
Related
cvelist
cvelist
CVE-2020-17480
2020-08-10 19:34:35
cve
cve
CVE-2020-17480
2020-08-10 20:15:11
CVE-2020-23066
2023-06-26 19:15:09
prion
prion
Cross site scripting
2020-08-10 20:15:00
nvd
nvd
CVE-2020-17480
2020-08-10 20:15:11
CVE-2020-23066
2023-06-26 19:15:09
veracode
veracode
Cross-site Scripting (XSS)
2020-01-31 15:44:46
debiancve
debiancve
CVE-2020-17480
2020-08-10 20:15:11
CVE-2020-23066
2023-06-26 19:15:09
ubuntucve
ubuntucve
CVE-2020-17480
2020-08-10 00:00:00
github
github
Cross-site scripting vulnerability in TinyMCE
2020-01-30 21:22:15
osv
osv
Cross-site scripting in TinyMCE
2021-05-06 17:28:14
Cross-site scripting vulnerability in TinyMCE
2020-01-30 21:22:15
CVE-2020-23066
2023-06-26 19:15:09
