CVE-2012-4230

Name of the Vulnerable Software and Affected Versions TinyMCE version 3.5.8

Description The issue concerns the bbcode plugin in TinyMCE, which fails to properly enforce the security policy. This specifically affects the encoding directive and the valid elements attribute, allowing for cross-site scripting (XSS) attacks. An example of exploitation involves using a textarea element.

Recommendations For TinyMCE version 3.5.8, consider disabling the bbcode plugin until a patch is available to prevent potential XSS attacks. Restrict access to the valid elements attribute and encoding directive to minimize the risk of exploitation.