CVE-2020-17480: XSS
First published: Mon Aug 10 2020(Updated: )
TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tiny TinyMCE | <4.9.7 | |
| Tiny TinyMCE | >=5.0.0<5.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2020-17480.
What is the severity level of CVE-2020-17480?
The severity level of CVE-2020-17480 is medium (6.1).
Which software versions are affected by CVE-2020-17480?
TinyMCE versions before 4.9.7 and 5.x before 5.1.4 are affected by CVE-2020-17480.
What is the CWE category of CVE-2020-17480?
The CWE category of CVE-2020-17480 is CWE-79 (Cross-Site Scripting).
How can the XSS vulnerability be exploited in TinyMCE?
The XSS vulnerability in TinyMCE can be exploited by using the clipboard or APIs to insert content into the editor.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/tiny
- canonical/tiny tinymce
- version/tiny tinymce/5.0.0