4.3
CVE-2012-4230
- EPSS 1.2%
- Veröffentlicht 25.04.2014 14:15:30
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.2% | 0.641 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://osvdb.org/91130
http://packetstormsecurity.com/files/120750/TinyMCE-3.5.8-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2013/Mar/114
http://www.madirish.net/554
http://www.securityfocus.com/bid/58424
https://exchange.xforce.ibmcloud.com/vulnerabilities/82744