CVE-2020-23066 Information

Description

Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before and v.5.0.0 thru v.5.1.4 allows an attacker to execute arbitrary code via the editor function.

Reference

https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95 https://portswigger.net/daily-swig/xss-vulnerability-patched-in-tinymce