Title: TinyMCE Compressor Multiple Vulnerabilities
Severity: MODERATE
Description:
TinyMCE is a platform independent Web-based JavaScript HTML WYSIWYG editor control. TinyMCE Compressor is a script that may be optionally used with the application for compression of generated JavaScript output.
TinyMCE Compressor is prone to multiple remote vulnerabilities. These issues result from insufficient sanitization of user-supplied data.
The script is affected by a file disclosure vulnerability. This threat likely arises due to a directory traversal type of vulnerability. An attacker can obtain arbitrary files by issuing an HTTP GET request and supplying the name of a target file followed by a NULL byte through variables used to specify language, plugins, themes etc. Information gathered through the exploitation of this issue may aid in other attacks.
The script is also affected by multiple cross-site scripting and HTML injection vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. The 'index' parameter is confirmed to be vulnerable to HTML injection attacks.
TinyMCE Compressor 1.0.5 and prior versions are vulnerable to these issues.
Affected Products:
- TinyMCE Compressor 1.0.5
References:
- TinyMCE: Home Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
