Arbitrary Web Script Injection Vulnerability in TinyMCE 5.2.1 and Earlier

Arbitrary Web Script Injection Vulnerability in TinyMCE 5.2.1 and Earlier

CVE-2020-12648 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.

Learn more about our Web App Pen Testing.