5 matches found
CVE-2020-12648
CVE-2020-12648 describes an XSS vulnerability in TinyMCE 5.2.1 and earlier, exploitable when configured in classic editing mode. The provided connected documents corroborate that TinyMCE’s classic editor mode allows remote attackers to inject arbitrary web scripts, but do not provide details on a...
CVE-2020-12648
Removed by vendor...
High-Severity TinyMCE Cross-Site Scripting Flaw Fixed
A high-severity flaw has been disclosed in TinyMCE, an open-source text editor used in the content management systems CMS of websites. The recently patched flaw could have been potentially exploited remotely by attackers to gain administrative privileges to websites. TinyMCE, developed by Tiny...
@angular-materials/ngx-admin (>=1.0.0 <=1.0.1), @ec.components/tinymce (>=0.5.7 <=0.6.0) +34 more potentially affected by CVE-2020-12648 via tinymce (>=4.5.1 <=4.8.5)
tinymce NPM version =4.5.1, =1.0.0, =0.5.7, =0.1.1, =0.0.13, =1.3.0, =8.0.0, =0.8.8, =0.6.3, =1.2.0, =1.0.0-alpha.0, =1.1.0, =2.4.1, =4.0.0 and more Source cves: CVE-2020-12648 Source advisory: OSV:GHSA-VRV8-V4W8-F95H...
3h1-ui (>=2.14.41 <=3.0.0-next.258), @abt-desk/apm (>=0.0.1 <=0.33.12) +955 more potentially affected by CVE-2020-12648 via tinymce (>=5.0.11 <=5.3.2)
tinymce NPM version =5.0.11, =2.14.41, =0.0.1, =0.1.0, =0.1.2, =0.3.7, =0.1.17, =0.1.0, =0.0.1, =0.2.0-0, =1.0.18-beta.8, =1.0.0, =1.2.3-beta.1, =0.1.1, =1.0.0, =8.7.0 and more Source cves: CVE-2020-12648 Source advisory: OSV:GHSA-VRV8-V4W8-F95H...