Description
The Trix editor, versions prior to 2.1.11, is vulnerable to XSS when pasting malicious code in the link field.
Recommendation
Update the trix package to the latest compatible version. The version details are as follows:
- Affected version(s): < 2.1.12
- Patched version(s): 2.1.12
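Upgrading is the fix; the check below is an added defensive example (not Trix's own code) of the class of control that stops a link field from becoming an XSS sink: an allow-list of URL schemes applied before any pasted or typed value is used as an href. It assumes, which the page does not state, that the malicious link is a URL whose scheme executes script (such as javascript:); the helper name normalizeLink and the scheme list are choices made for this example.

```javascript
// Added example, not code from Trix or from the advisory. Validates a link
// value before it is stored as an href: only absolute URLs whose scheme is
// on an explicit allow-list are accepted; everything else is rejected.
// Assumption (not stated on the page): the XSS vector is a pasted link with
// a script-executing scheme, so scheme allow-listing is the relevant control.

// Schemes a rich-text link may use. Deliberately short: anything not listed
// (javascript:, data:, vbscript:, blob:, ...) is refused rather than denied
// one by one, so new or obscure schemes cannot slip through.
const SAFE_SCHEMES = new Set(["http:", "https:", "mailto:"]);

function normalizeLink(raw) {
  if (typeof raw !== "string") return null;

  // Remove ASCII control characters and whitespace. Browsers ignore these
  // inside a scheme, so a value such as "java\tscript:" would otherwise
  // parse as javascript: while looking harmless to a naive string check.
  const cleaned = raw.replace(/[\u0000-\u0020\u007f]/g, "");
  if (cleaned === "") return null;

  // Use the platform URL parser (global in browsers and Node) instead of a
  // hand-written regex; it lowercases the scheme and handles edge cases.
  let parsed;
  try {
    parsed = new URL(cleaned);
  } catch (e) {
    // Relative or unparseable values are refused here; a product that wants
    // relative links should resolve them against a known base first.
    return null;
  }

  if (!SAFE_SCHEMES.has(parsed.protocol)) return null;

  // Return the serialized form so the stored href is exactly what was
  // validated, not the raw user input.
  return parsed.href;
}

// Wrapper mirroring the editor's "insert link" step: either an href to use
// or null, which the caller should treat as "do not create the link".
function linkOrNull(userValue) {
  return normalizeLink(userValue);
}

module.exports = { SAFE_SCHEMES, normalizeLink, linkOrNull };
```

When a value is rejected the editor should drop the link entirely (or insert it as plain text) rather than fall back to the raw input; the goal is that no unvalidated string ever reaches an href attribute.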
References
Tags:
- npm
- trix
Last updated on January 03, 2025