Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2012-4230

Published: Apr 25, 2014 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2012-4230
CWEhttps://cwe.mitre.org/data/definitions/264.html

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element.

Affected Software

Name Vendor Start Version End Version
Tinymce Tinymce 3.5.8 (including) 3.5.8 (including)
Tinymce Ubuntu artful *
Tinymce Ubuntu bionic *
Tinymce Ubuntu cosmic *
Tinymce Ubuntu disco *
Tinymce Ubuntu eoan *
Tinymce Ubuntu esm-apps/bionic *
Tinymce Ubuntu esm-apps/focal *
Tinymce Ubuntu esm-apps/xenial *
Tinymce Ubuntu focal *
Tinymce Ubuntu groovy *
Tinymce Ubuntu lucid *
Tinymce Ubuntu precise *
Tinymce Ubuntu quantal *
Tinymce Ubuntu saucy *
Tinymce Ubuntu trusty *
Tinymce Ubuntu upstream *
Tinymce Ubuntu utopic *
Tinymce Ubuntu vivid *
Tinymce Ubuntu wily *
Tinymce Ubuntu xenial *
Tinymce Ubuntu yakkety *
Tinymce Ubuntu zesty *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use