# Exploit Title: iframe Injection\Html Injection TinyMCE 5 HTML WYSIWYG  
# Date:18.10.2020  
# Author: Vincent666 ibn Winnie  
# Software Link:  
# Tested on: Windows 10  
# Web Browser: Mozilla Firefox  
# Blog :  
# PoC:  
The editor has the function of inserting an iframe, but we did not use  
this option and tested other fields.  
We have iframe injection in TinyMCE 5.  
I use for example demo TinyMCE and Plone Cms with TinyMCE.  
Our iframe injection on the demo:  
Insert - Media - Embed - our iframe code.  
In the demo Plone Cms:  
Insert - Image - Caption - our iframe code.  
If a simple user can inject his code into these fields, then he can  
use it for phishing and other things.  
Iframe injection video:  
Html injection video :