Описание
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.9.10 (исключая)Версия от 5.0.0 (включая) до 5.2.2 (исключая)
Одно из
cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*
cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01139
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 6.1
ubuntu
больше 6 лет назад
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.
CVSS3: 6.1
debian
больше 6 лет назад
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization ...
EPSS
Процентиль: 78%
0.01139
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79