TinyMCE 5 HTML Injection

TinyMCE 5 suffers from an HTML injection vulnerability.


MD5 | 8d10899efec7dcd3fe8064bc659cc21d

# Exploit Title: iframe Injection\Html Injection TinyMCE 5 HTML WYSIWYG
# Date: 18.10.2020
# Author: Vincent666 ibn Winnie
# Software Link: https://www.tiny.cloud/features/
# Tested on: Windows 10
# Web Browser: Mozilla Firefox
# Blog : https://pentest-vincent.blogspot.com/
# PoC: https://pentest-vincent.blogspot.com/2020/10/iframehtml-injection-tinymce-5-html.html

PoC:

The editor has the function of inserting an iframe, but we did not use
this option and tested other fields.

We have iframe injection in TinyMCE 5.

I use, for example, the TinyMCE demo and Plone CMS with TinyMCE.

Our iframe injection on the demo:

Insert - Media - Embed - our iframe code.

In the Plone CMS demo:

Insert - Image - Caption - our iframe code.

If a simple user can inject his code into these fields, then he can
use it for phishing and other things.
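The fields named above (the Media Embed field and the Image Caption field) are places where the CMS stores editor-submitted HTML. Whatever the editor filters on the client side, the server that persists and later renders that HTML has to enforce its own allow-list, otherwise an iframe or script dropped into a caption is served to every visitor. The following is an added example of such a server-side allow-list sanitizer, written for this page and not taken from TinyMCE or Plone; the allowed tags, attributes and URL prefixes are constructed assumptions, as are the sample submissions, and a real deployment would take the allow-list from its CMS configuration.

```python
from html import escape
from html.parser import HTMLParser

# Allow-list for a caption or embed field. These sets are constructed for
# this example; a real deployment takes them from its CMS sanitizer config.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "br", "ul", "ol", "li", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "width", "height"}}
VOID_TAGS = {"br", "img"}
# Elements whose *content* must go too: a dropped <iframe> must not leave its
# fallback text behind, and script/style bodies are never user content.
DROP_WITH_CONTENT = {"iframe", "script", "style", "object", "embed"}
SAFE_URL_PREFIXES = ("http://", "https://", "/", "#")


class AllowListSanitizer(HTMLParser):
    """Re-serialise a fragment keeping only allow-listed tags and attributes.
    Comments, doctype declarations and processing instructions are dropped
    because HTMLParser's default handlers for them emit nothing."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # serialised output pieces
        self.open = []       # allowed tags currently open, for balanced output
        self.removed = []    # audit trail: "tag" or "tag@attr"
        self.skip_depth = 0  # >0 while inside a DROP_WITH_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.removed.append(tag)
            self.skip_depth += 1
            return
        if self.skip_depth:
            return
        if tag not in ALLOWED_TAGS:
            self.removed.append(tag)      # tag stripped, its text is kept
            return
        rendered = []
        for name, value in attrs:
            name = name.lower()
            value = value or ""
            if name.startswith("on") or name not in ALLOWED_ATTRS.get(tag, set()):
                self.removed.append(f"{tag}@{name}")   # event handlers and the rest
                continue
            if name in ("href", "src") and not value.strip().lower().startswith(SAFE_URL_PREFIXES):
                self.removed.append(f"{tag}@{name}")   # javascript:, data:, ... schemes
                continue
            rendered.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(rendered)}>")
        if tag not in VOID_TAGS:
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in self.open:
            return
        while self.open:                  # also closes intervening unclosed tags
            closed = self.open.pop()
            self.out.append(f"</{closed}>")
            if closed == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))   # re-escape decoded text

    def close(self):
        super().close()
        while self.open:                  # balance anything left open
            self.out.append(f"</{self.open.pop()}>")


def sanitize(fragment):
    """Return (clean_html, removed_items) for an editor-submitted fragment."""
    parser = AllowListSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out), parser.removed


if __name__ == "__main__":
    # Constructed sample submissions, modelled on a caption field that
    # accepted raw HTML; the hostnames are placeholders.
    samples = [
        '<p>Caption <b>bold</b> <a href="https://example.com" onclick="x()">link</a></p>',
        '<p>Look</p><iframe src="https://attacker.example/fake-login">fallback</iframe><p>after</p>',
        '<a href="javascript:void(0)" title="t">click</a>',
        '<script>document.title</script>text',
    ]
    for s in samples:
        clean, removed = sanitize(s)
        print(f"{s!r}\n  -> {clean!r}  removed={removed}")
```

The `removed` list is worth logging on the server: a stream of stripped `iframe` or `a@onclick` entries from one account is a useful detection signal, and it shows whether the allow-list is biting on legitimate content before it is tightened further.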

Picture:

https://imgur.com/a/IM6PBQh

Iframe injection video:

https://www.youtube.com/watch?v=KHbhD_zmWcI&feature=youtu.be

HTML injection video:

https://www.youtube.com/watch?v=IoR89uQcbGc&feature=youtu.be
