CVE-2017-5961

Name of the Vulnerable Software and Affected Versions ionize versions prior to 1.0.9

Description The issue exists due to insufficient filtration of user-supplied data in the path variable passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tiny mce/plugins/codemirror/dialog.php" API endpoint. This allows an attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Recommendations For versions prior to 1.0.9, update to version 1.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tiny mce/plugins/codemirror/dialog.php" API endpoint to minimize the risk of exploitation. Avoid using the path variable in the affected API endpoint until the issue is resolved.