CVE-2020-5809
N/A
N/A
Summary
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Umbraco CMS | <= 8.9.1 or current (unfixed) | affected |
Weaknesses
- Stored Cross-Site Scripting
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.