CVE-2020-17480

{"id": "CVE-2020-17480", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-08-10T20:15:11.737", "references": [{"url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95", "tags": ["Exploit", "Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.tiny.cloud/docs/release-notes/release-notes514/#securityfixes", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95", "tags": ["Exploit", "Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.tiny.cloud/docs/release-notes/release-notes514/#securityfixes", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor."}, {"lang": "es", "value": "TinyMCE versiones anteriores a 4.9.7 y versiones 5.x anteriores a 5.1.4, permite un ataque de tipo XSS en el analizador central, el plugin paste y el plugin visualchars mediante el uso del portapapeles o las API para insertar contenido en el editor"}], "lastModified": "2024-11-21T05:08:12.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E070489E-A8EB-4B78-980C-F68DEFBA794C", "versionEndExcluding": "4.9.7"}, {"criteria": "cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D405D559-63D7-4550-AEA9-07A3A04F1306", "versionEndExcluding": "5.1.4", "versionStartIncluding": "5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}