Описание
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| tinymce | removed | package | ||
| tinymce | no-dsa | buster | package | |
| tinymce | ignored | stretch | package |
Примечания
https://labs.bishopfox.com/advisories/tinymce-version-5.2.1
EPSS
Процентиль: 51%
0.00283
Низкий
Связанные уязвимости
CVSS3: 6.1
ubuntu
больше 5 лет назад
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
CVSS3: 6.1
nvd
больше 5 лет назад
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
EPSS
Процентиль: 51%
0.00283
Низкий