What the vulnerability does
01Description
Missing Authorization vulnerability in FADI MED Editor Wysiwyg Background Color editor-wysiwyg-background-color allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editor Wysiwyg Background Color: from n/a through <= 1.0.
Explanation of Vulnerability in Simple Terms
02Summary
The Editor Wysiwyg Background Color component through version 1.0 lacks proper authorization checks, allowing unauthenticated attackers to modify content integrity and availability. An attacker can send network requests without authentication to alter data or disrupt service. Site administrators should update to a version newer than 1.0 and verify access controls are properly enforced.
What an attacker can do
03Attacker Capabilities
Modify site content and disrupt availability without authentication.
Potential impact on your site
04Site Impact
Unauthorized users can alter page content and cause service disruptions.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
April 17, 2025
CVE published
May 12, 2026
Record updated