Arbitrary Web Script Injection Vulnerability in TinyMCE 5.2.1 and Earlier
CVE-2020-12648 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
Learn more about our Web App Pen Testing.