CVE-2020-12648

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt