[wp-trac] [WordPress Trac] #49737: tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.
WordPress Trac
noreply at wordpress.org
Wed Apr 1 14:17:39 UTC 2020
#49737: tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of
Input During Web Page Generation. The impact is: JavaScript code execution.
The component is: Media element. The attack vector is: The victim must
paste malicious content to media element's embed tab.
--------------------------+----------------------
Reporter: tlterry | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: TinyMCE | Version:
Severity: critical | Resolution: invalid
Keywords: | Focuses:
--------------------------+----------------------
Changes (by desrosj):
* component: External Libraries => TinyMCE
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49737#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list