Description
The Trix editor, versions prior to 2.1.11, is vulnerable to XSS when pasting malicious code in the link field.
Recommendation
Update the trix package to the latest compatible version. Version details are as follows:
- Affected version(s): < 2.1.12
- Patched version(s): 2.1.12
References
Related Issues
- Vega allows Cross-site Scripting via the vlSelectionTuples function (GHSA-mp7w-mhcv-673j) - CVE-2025-25304
- Vega allows Cross-site Scripting via the vlSelectionTuples function - CVE-2025-25304
- @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via welcome message - CVE-2025-64758
- @sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params - CVE-2025-32388
Tags
- npm
- trix
Last updated on January 03, 2025