CVE-2020-17480: Cross-site Scripting

August 10, 2020 (updated August 11, 2020)

TinyMCE allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.

References

nvd.nist.gov/vuln/detail/CVE-2020-17480
www.tiny.cloud/docs/release-notes/release-notes514/

Code Behaviors & Features

Detect and mitigate CVE-2020-17480 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →