CVE-2020-14063

Name of the Vulnerable Software and Affected Versions TC Custom JavaScript plugin versions prior to 1.2.2

Description A stored Cross-Site Scripting (XSS) issue allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This injected code is displayed in the page footer of every front-end page and executed in the browser of visitors.

Recommendations For TC Custom JavaScript plugin versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider disabling the plugin until a patch is available. Avoid using the tccj-content parameter in the affected plugin until the issue is resolved.