Bug 1091438 (CVE-2012-4230) - CVE-2012-4230 tinymce: XSS attacks via security policy bypass
Summary: CVE-2012-4230 tinymce: XSS attacks via security policy bypass
Keywords:
Status: CLOSED UPSTREAM
Alias: CVE-2012-4230
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20130305,repor...
Depends On: 1091439 1091440 1091441 1091442 1091443 1091444 1091445
Blocks:
Reported: 2014-04-25 15:13 UTC by Vincent Danen
Modified: 2019-06-08 20:01 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 02:32:42 UTC



Description Vincent Danen 2014-04-25 15:13:06 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-4230 to
the following vulnerability:

Name: CVE-2012-4230
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4230
Assigned: 20120809
Reference: FULLDISC:20130311 XSS Vulnerability in TinyMCE
Reference: http://seclists.org/fulldisclosure/2013/Mar/114
Reference: http://packetstormsecurity.com/files/120750/TinyMCE-3.5.8-Cross-Site-Scripting.html
Reference: http://www.madirish.net/554
Reference: http://www.securityfocus.com/bid/58424
Reference: OSVDB:91130
Reference: http://osvdb.org/91130
Reference: XF:tinymce-htmlentities-xss(82744)
Reference: http://xforce.iss.net/xforce/xfdb/82744

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the
TinyMCE security policy for the (1) encoding directive and (2)
valid_elements attribute, which allows attackers to conduct cross-site
scripting (XSS) attacks via application-specific vectors, as
demonstrated using a textarea element.
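The description above names two controls the affected bbcode plugin failed to apply: entity-encoding of text (the encoding directive) and an allowlist of elements that may reach the output (valid_elements). The following is an added illustration, not TinyMCE's code and not the patched plugin: a minimal standalone BBCode-to-HTML converter that encodes all input before any tag substitution and only emits elements present in an explicit allowlist, so a literal `<textarea>` in the input is rendered as text rather than markup. The tag table, the allowlist contents and the function names are assumptions chosen for the example.

```javascript
// Added example: a BBCode-to-HTML converter that enforces the two policies the
// advisory says were skipped. This is not TinyMCE's own code; the tag table,
// the allowlist and all names below are assumptions for illustration.

// Modelled on a valid_elements-style policy: only these elements may be emitted.
const ALLOWED_ELEMENTS = new Set(["b", "i", "u", "a", "blockquote"]);

// Encode the characters that can change HTML context. Every byte the user
// typed passes through here before any BBCode tag is considered, so raw
// markup in the input can never reach the page as markup.
function encodeHtml(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// BBCode tag -> HTML element. 'table' is deliberately outside the allowlist to
// show that the policy, not the tag table, decides what is emitted.
const BBCODE_TO_HTML = {
  b: "b",
  i: "i",
  u: "u",
  quote: "blockquote",
  table: "table",
};

function bbcodeToHtml(input) {
  // Step 1: encode first (the "encoding directive" in the advisory).
  let html = encodeHtml(input);

  // Step 2: substitute only [tag]...[/tag] pairs whose target element is allowed.
  for (const [bb, el] of Object.entries(BBCODE_TO_HTML)) {
    if (!ALLOWED_ELEMENTS.has(el)) continue; // policy check: disallowed element stays literal text
    const re = new RegExp(`\\[${bb}\\]([\\s\\S]*?)\\[/${bb}\\]`, "gi");
    html = html.replace(re, `<${el}>$1</${el}>`);
  }

  // [url=...]text[/url]: only http(s) targets, and because the whole input was
  // encoded in step 1 the href value is already entity-safe inside the quotes.
  html = html.replace(
    /\[url=(https?:\/\/[^\]\s]+)\]([\s\S]*?)\[\/url\]/gi,
    (_m, href, text) =>
      ALLOWED_ELEMENTS.has("a") ? `<a href="${href}">${text}</a>` : text
  );

  return html;
}

// Sample inputs (constructed for this example):
console.log(bbcodeToHtml("[b]hi[/b]"));                  // <b>hi</b>
console.log(bbcodeToHtml("<textarea>x</textarea>"));     // &lt;textarea&gt;x&lt;/textarea&gt;
console.log(bbcodeToHtml("[table]x[/table]"));           // [table]x[/table]
```

The order matters: if substitution ran before encoding, the encoder would escape the converter's own output, and if encoding were skipped for tag bodies, anything between `[b]` and `[/b]` would pass through untouched. Keeping the allowlist check inside the substitution loop means adding a tag to the table never widens the element set the policy permits.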


NOTE: diff'ing upstream 3.5.10 to 3.5.8 reveals no changes in the bbcode plugin.  While there are changes to this plugin from 3.5.8 to 4.0.23, I do not know if this is corrected (the changelog does not indicate that it is).  As a result, I do not believe this is yet corrected upstream.

Comment 1 Vincent Danen 2014-04-25 15:14:57 UTC
Created sagemath tracking bugs for this issue:

Affects: fedora-all [bug 1091442]

Comment 2 Vincent Danen 2014-04-25 15:15:01 UTC
Created roundcubemail tracking bugs for this issue:

Affects: fedora-all [bug 1091441]
Affects: epel-6 [bug 1091445]

Comment 3 Vincent Danen 2014-04-25 15:15:06 UTC
Created tinymce tracking bugs for this issue:

Affects: fedora-all [bug 1091439]
Affects: epel-6 [bug 1091443]

Comment 4 Vincent Danen 2014-04-25 15:15:09 UTC
Created python-django-tinymce tracking bugs for this issue:

Affects: fedora-all [bug 1091440]
Affects: epel-6 [bug 1091444]

Comment 5 Fedora Update System 2014-12-19 18:26:49 UTC
sagemath-6.3-5.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2014-12-21 06:41:08 UTC
sagemath-6.1.1-6.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2015-01-06 02:05:55 UTC
roundcubemail-1.0.4-2.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2015-01-06 02:08:21 UTC
roundcubemail-1.0.4-2.el7 has been pushed to the Fedora EPEL 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2015-01-06 06:13:20 UTC
roundcubemail-1.0.4-2.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2015-01-06 06:16:14 UTC
roundcubemail-1.0.4-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Neal Gompa 2015-05-16 14:07:51 UTC
To the best of my knowledge, this is still not corrected upstream.

Comment 12 Product Security DevOps Team 2019-06-08 02:32:42 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

