Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/themes/advanced/js/source_editor.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/pagebreak/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/autosave/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/layer/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/themes/simple/editor_template_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/visualblocks/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/tabfocus/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/advlist/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/bbcode/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/legacyoutput/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/save/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/visualchars/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/contextmenu/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/directionality/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/template/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/iespell/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/autolink/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/nonbreaking/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/print/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/insertdatetime/editor_plugin_src.js.uncompressed.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/lists/editor_plugin_src.js.uncompressed.js
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
CVE-2020-12648 - Medium Severity Vulnerability
source_editor-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/themes/advanced/js/source_editor.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/themes/advanced/js/source_editor.js.uncompressed.js
Dependency Hierarchy: - :x: **source_editor-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/pagebreak/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/pagebreak/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/autosave/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/autosave/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/layer/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/layer/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_template_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/themes/simple/editor_template_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/themes/simple/editor_template_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_template_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/visualblocks/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/visualblocks/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/tabfocus/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/tabfocus/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/advlist/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/advlist/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/bbcode/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/bbcode/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/legacyoutput/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/legacyoutput/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/save/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/save/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/visualchars/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/visualchars/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/contextmenu/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/contextmenu/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/directionality/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/directionality/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/template/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/template/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/iespell/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/iespell/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/autolink/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/autolink/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/nonbreaking/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/nonbreaking/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/print/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/print/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/insertdatetime/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/insertdatetime/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
editor_plugin_src-3.5.8.js
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/3.5.8/plugins/lists/editor_plugin_src.js
Path to vulnerable library: /samples/SampleAlloy/modules/_protected/EPiServer.Cms.TinyMce/EPiServer.Cms.TinyMce/1.0.0/ClientResources/tinymce/plugins/lists/editor_plugin_src.js.uncompressed.js
Dependency Hierarchy: - :x: **editor_plugin_src-3.5.8.js** (Vulnerable Library)
Found in base branch: master
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
Publish Date: 2020-08-14
URL: CVE-2020-12648
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12648
Release Date: 2020-08-17
Fix Resolution: 4.9.11,5.4.1
Step up your Open Source Security Game with Mend here