The tinymce media plugin has security controls that aim to mitigate Cross-Site Scripting (XSS) attacks, but did not filter script elements in the default config implementations, allowing an attacker to perform an Cross-Site Scripting (XSS) attack.
Created tinymce tracking bugs for this issue:
Affects: epel-6 [bug 1411804]
Affects: fedora-all [bug 1411805]
This should have been fixed in the 4.5.1 update that went out a few weeks ago:
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.