CVE-2020-5809

MEDIUM WAF: High

CVSS 5.4 Published: 2020-12-30

CWE-79

A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS.

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

Affected Software

Vendor	Product	Version
umbraco	umbraco_cms	up to 8.9.1

References

www.tenable.com (Exploit, Third Party Advisory)

Back to CVE Database