CVE-2020-12648
Description
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.283
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-12648 are fixed in Nuget - TinyMCE 4.9.11 | Windows |
| Vulnerabilities CVE-2020-12648 are fixed in Nuget - TinyMCE 5.4.1 | Windows |
| Vulnerabilities CVE-2020-12648 are fixed in Nuget - TinyMCE for Linux 4.9.11 | Linux |
| Vulnerabilities CVE-2020-12648 are fixed in Nuget - TinyMCE for Linux 5.4.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234