TinyMCE 5 suffers from an html injection vulnerability.
8d10899efec7dcd3fe8064bc659cc21d# Exploit Title: iframe Injection\Html Injection TinyMCE 5 HTML WYSIWYG
# Date:18.10.2020
# Author: Vincent666 ibn Winnie
# Software Link: https://www.tiny.cloud/features/
# Tested on: Windows 10
# Web Browser: Mozilla Firefox
# Blog : https://pentest-vincent.blogspot.com/
# PoC: https://pentest-vincent.blogspot.com/2020/10/iframehtml-injection-tinymce-5-html.html
PoC:
The editor has the function of inserting an iframe, but we did not use
this option and tested other fields.
We have iframe injection in TinyMCE 5.
I use for example demo TinyMCE and Plone Cms with TinyMCE.
Our iframe injection on the demo:
Insert - Media - Embed - our iframe code.
In the demo Plone Cms:
Insert - Image - Caption - our iframe code.
If a simple user can inject his code into these fields, then he can
use it for phishing and other things.
Picture:
https://imgur.com/a/IM6PBQh
Iframe injection video:
https://www.youtube.com/watch?v=KHbhD_zmWcI&feature=youtu.be
Html injection video :
https://www.youtube.com/watch?v=IoR89uQcbGc&feature=youtu.be