Exposure of TinyMCE js source code with plugin version disclosure which can lead to further attacks.
Low
Vulnerability Details
Hello Security Team
Summary: When looking for links and trying content discovery, I found a link on the domain support.theendlessweb.com:
https://support.theendlessweb.com/__swift/apps/base/javascript/__global/thirdparty/TinyMCE/tinymce.min.js
It contains the TinyMCE plugin and the version they are using, and it also discloses some source code.
TinyMCE version used: 4.3.12 (2016-05-10)
https://support.theendlessweb.com/__swift/apps/base/javascript/__global/thirdparty/TinyMCE
The above-mentioned link, when searched, gives a 403 access denied, which means nobody is allowed to view the contents, but appending the js file to the link displays the plugin code.
With Regards
Wolfdroid
Jai Shree Krishna
## Impact
Leaking of plugin versions can lead to a successful attack. An attacker can look for exploits in this particular version and can execute an attack to harm the website.
Report Stats
- Report ID: 463123
- State: Closed
- Substate: resolved
- Upvotes: 18
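
For the site owner's side of this finding, the following added example (not part of the original report or of the vendor's code) inventories every bundled `tinymce.min.js` under a local web root and flags copies older than a chosen minimum. It assumes the bundle starts with a comment in the form quoted in the report, `// 4.3.12 (2016-05-10)`; the sample tree, the `5.0.0` threshold and all function names are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: the version banner is a leading comment shaped like the string
# quoted in the report, e.g. "// 4.3.12 (2016-05-10)".
BANNER_RE = re.compile(r"^\s*//\s*(\d+(?:\.\d+)+)\s*\((\d{4}-\d{2}-\d{2})\)")

def parse_banner(text):
    """Return (version, release_date) from the first line of a bundle, or None."""
    first_line = text.splitlines()[0] if text else ""
    m = BANNER_RE.match(first_line)
    return (m.group(1), m.group(2)) if m else None

def version_tuple(version):
    """Compare numerically so that 4.10.0 sorts after 4.3.12."""
    return tuple(int(part) for part in version.split("."))

def inventory(web_root, minimum):
    """List every tinymce.min.js under web_root as (path, version, date, needs_review)."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if name.lower() != "tinymce.min.js":
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8-sig", errors="replace") as fh:
                parsed = parse_banner(fh.read(256))
            rel = os.path.relpath(path, web_root).replace(os.sep, "/")
            ver, date = parsed or (None, None)
            # A copy with no readable banner is flagged too: its version is unknown.
            stale = ver is None or version_tuple(ver) < version_tuple(minimum)
            findings.append((rel, ver, date, stale))
    return sorted(findings)

def demo():
    """Scan a constructed web root (sample data, not taken from the report)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "thirdparty/TinyMCE/tinymce.min.js": "// 4.3.12 (2016-05-10)\n!function(){}();\n",
            "admin/editor/tinymce.min.js": "!function(){}();\n",  # banner stripped
            "thirdparty/other/jquery.min.js": "/*! constructed */\n",  # ignored by name
        }
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return inventory(root, minimum="5.0.0")  # constructed policy threshold
```

Stripping the banner only hides the version string from casual inspection; the flagged copies still need updating.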