CVE-2020-12648
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-12648
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12648.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-12648
- Aliases
- Related
- Published
- 2020-08-14T14:15:12Z
- Modified
- 2025-01-14T08:16:32.280173Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
- References
Affected packages
Git / github.com/tinymce/tinymce
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tinymce/tinymce
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.0.7
2.0.9
2.1.1
2.1.2
3.*
3.0
3.0.1
3.0.2
3.0.2.1
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.9
3.0rc1
3.0rc2
3.1.0
3.2
3.2.0.2
3.2.1
3.2.1.1
3.2.2
3.2.2.1
3.2.2.2
3.2.3
3.2.6
3.2.7
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.3.8
3.3.9
3.3.9.1
3.3.9.2
3.3.9.3
3.3b1
3.3b2
3.3rc1
3.4
3.4.1
3.4.2
3.4.3
3.4.3.1
3.4.3.2
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.4.9
3.4b1
3.4b2
3.4b3
3.5
3.5.0.1
3.5.1
3.5.1.1
3.5.2
3.5.3
3.5.3.1
3.5.4
3.5.4.1
3.5.5
3.5.6
3.5.7
3.5.8
3.5b1
3.5b2
3.5b3
4.*
4.0
4.0.1
4.0.10
4.0.11
4.0.12
4.0.13
4.0.14
4.0.15
4.0.16
4.0.17
4.0.18
4.0.19
4.0.2
4.0.20
4.0.21
4.0.22
4.0.23
4.0.24
4.0.25
4.0.26
4.0.27
4.0.28
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0b1
4.0b2
4.0b3
4.1.0
4.1.1
4.1.10
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.1.9
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.3.0
4.3.1
4.3.10
4.3.11
4.3.12
4.3.13
4.3.2
4.3.3
4.3.4
4.3.6
4.3.7
4.3.8
4.3.9
4.4.0
4.4.1
4.4.2
4.4.3
4.5.0
4.5.1
4.5.2
4.5.3
4.6.0
4.6.1
4.6.2
4.6.3
4.6.4
4.6.5
4.6.6
4.6.7
4.7.0
4.7.1
4.7.10
4.7.11
4.7.12
4.7.13
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6
4.7.7
4.7.8
4.7.9
4.8.0
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5
4.9.0
4.9.1
4.9.10
4.9.2
4.9.3
4.9.4
4.9.5
4.9.6
4.9.7
4.9.8
4.9.9