CVE List

CVE-2020-5809

Moderate 5.4

A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS.

Published December 30, 2020.

Affected software

Get alerts for Umbraco Umbraco CMS

Reference links