CVE-2020-12648

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-12648

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12648.json

Aliases

• GHSA-vrv8-v4w8-f95h

Published

2020-08-14T14:15:12Z

Modified

2023-11-08T04:02:10.978052Z

Details

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.

References

• https://labs.bishopfox.com/advisories/tinymce-version-5.2.1