[wp-trac] [WordPress Trac] #49736: The tinymce package is vulnerable to Cross-Site Scripting (XSS) attacks.
WordPress Trac
noreply at wordpress.org
Tue Mar 31 09:01:02 UTC 2020
#49736: The tinymce package is vulnerable to Cross-Site Scripting (XSS) attacks.
--------------------------------+-----------------------------
Reporter: tlterry | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: External Libraries | Version:
Severity: critical | Keywords:
Focuses: |
--------------------------------+-----------------------------
Hi WordPress,
I am having the following issue. Can you please have a look at this issue and advise how
we resolve it? Thank you.
**EXPLANATION**
The tinymce package is vulnerable to Cross-Site Scripting (XSS) attacks.
The getPreviewHtml() function in the plugin.js file does not sufficiently
sanitize user-supplied input before using it to render an HTML preview. An
attacker can exploit this vulnerability by enticing a victim into pasting
a malicious JavaScript payload into the source code view. This will result
in script execution when the victim saves and previews the injection.
**DETECTION**
The application is vulnerable by using this component.
**RECOMMENDATION**
There is no non vulnerable version of this component/package. We recommend
investigating alternative components or a potential mitigating control.
**ROOT CAUSE**
tinymce-4.9.6.tgz  package/plugins/preview/plugin.min.js  [4.1.2, )
tinymce-4.9.6.tgz  package/plugins/preview/plugin.js  [4.1.2, )
---------------------------------------------------------------------------------------------------------
**Files Path:**
plugin.js located at /wp-includes/js/tinymce/plugins/charmap
plugin.min.js located at /wp-includes/js/tinymce/plugins/charmap
plugin.js located at /wp-includes/js/tinymce/plugins/colorpicker
plugin.min.js located at /wp-includes/js/tinymce/plugins/colorpicker
plugin.js located at /wp-includes/js/tinymce/plugins/directionality
plugin.min.js located at /wp-includes/js/tinymce/plugins/directionality
plugin.js located at /wp-includes/js/tinymce/plugins/fullscreen
plugin.min.js located at /wp-includes/js/tinymce/plugins/fullscreen
plugin.js located at /wp-includes/js/tinymce/plugins/hr
plugin.min.js located at /wp-includes/js/tinymce/plugins/hr
plugin.js located at /wp-includes/js/tinymce/plugins/image
plugin.min.js located at /wp-includes/js/tinymce/plugins/image
plugin.js located at /wp-includes/js/tinymce/plugins/link
plugin.min.js located at /wp-includes/js/tinymce/plugins/link
plugin.min.js located at /wp-includes/js/tinymce/plugins/lists
plugin.js located at /wp-includes/js/tinymce/plugins/media
plugin.min.js located at /wp-includes/js/tinymce/plugins/media
plugin.js located at /wp-includes/js/tinymce/plugins/paste
plugin.min.js located at /wp-includes/js/tinymce/plugins/paste
plugin.js located at /wp-includes/js/tinymce/plugins/tabfocus
plugin.min.js located at /wp-includes/js/tinymce/plugins/tabfocus
plugin.js located at /wp-includes/js/tinymce/plugins/textcolor
plugin.min.js located at /wp-includes/js/tinymce/plugins/textcolor
theme.js located at /wp-includes/js/tinymce/themes/inlite
theme.min.js located at /wp-includes/js/tinymce/themes/inlite
theme.js located at /wp-includes/js/tinymce/themes/modern
theme.min.js located at /wp-includes/js/tinymce/themes/modern
tinymce.min.js located at /wp-includes/js/tinymce
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49736>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
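One way to mitigate the preview problem the ticket describes, as an added example that is not TinyMCE's or WordPress's code: isolate the untrusted preview markup instead of trying to sanitize it, using an iframe with an empty sandbox list and a CSP meta tag emitted ahead of the pasted source. Function names and the `mountPreview` DOM usage are my own assumptions.

```javascript
// Added example, not TinyMCE or WordPress code. Renders an untrusted HTML
// preview without letting it run script: rather than sanitizing the pasted
// source, the preview is isolated in an iframe with an empty sandbox list
// (no allow-scripts / allow-same-origin) plus a CSP <meta> placed before the
// untrusted markup, so script-src is 'none' for everything parsed after it.
'use strict';

// Constructed sample of what a pasted payload in the source view could contain.
const SAMPLE_UNTRUSTED_HTML =
  '<p>Hello</p><script>alert(document.cookie)</script><img src="x" onerror="alert(1)">';
const ENTITY_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeAttribute(value) {
  return String(value).replace(/[&<>"']/g, (c) => ENTITY_MAP[c]);
}

// Build the srcdoc for the preview frame. The CSP meta must be the first thing
// in <head>: a meta-delivered policy only governs content parsed after it.
function buildPreviewDocument(untrustedHtml, stylesheetUrls = []) {
  const csp = "default-src 'none'; img-src data: https:; style-src 'unsafe-inline' https:";
  const links = stylesheetUrls
    .map((u) => `<link rel="stylesheet" href="${escapeAttribute(u)}">`).join('');
  return '<!DOCTYPE html><html><head>' +
    `<meta http-equiv="Content-Security-Policy" content="${csp}">` +
    links + '</head><body>' + untrustedHtml + '</body></html>';
}

// Reject a sandbox value that re-enables script or same-origin access; a later
// refactor adding allow-scripts would otherwise silently reopen the hole.
function isSafeSandbox(sandboxValue) {
  const tokens = sandboxValue.trim().split(/\s+/).filter(Boolean);
  return !tokens.includes('allow-scripts') && !tokens.includes('allow-same-origin');
}

function previewFrameAttributes(untrustedHtml, stylesheetUrls = []) {
  const attrs = {
    sandbox: '', // empty token list = most restrictive sandbox
    srcdoc: buildPreviewDocument(untrustedHtml, stylesheetUrls),
  };
  if (!isSafeSandbox(attrs.sandbox)) throw new Error('preview sandbox is not safe');
  return attrs;
}

// Browser-side mount (assumes a DOM; not exercised under Node).
function mountPreview(container, untrustedHtml, stylesheetUrls = []) {
  const frame = container.ownerDocument.createElement('iframe');
  const attrs = previewFrameAttributes(untrustedHtml, stylesheetUrls);
  for (const [name, value] of Object.entries(attrs)) frame.setAttribute(name, value);
  container.appendChild(frame);
  return frame;
}
```

Because the frame has no allow-same-origin, the preview also cannot read the editor's cookies or DOM even if some markup slipped past the policy.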