Description
The Trix editor, versions prior to 2.1.11, is vulnerable to XSS when pasting malicious code in the link field.
Recommendation
Update the trix package to the latest compatible version. Version details:
- Affected version(s): < 2.1.12
- Patched version(s): 2.1.12
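Upgrading is the fix; as defense in depth for link hrefs that reach your own code (for example a server-side content filter), the allowlist check below only accepts http, https, mailto and relative links and rejects every other scheme. This is an added example, not Trix project code; the base URL used for resolving relative links and the scheme allowlist are assumptions.

```javascript
// Added example (not part of the Trix project): scheme allowlist for link
// hrefs before they are stored or rendered in rich-text content.
// Assumption: only http, https, mailto and relative links are wanted.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Placeholder base used only so relative hrefs ("/docs", "#top") parse;
// it never appears in the returned value.
const RESOLVE_BASE = "https://example.invalid/";

// Returns true when the href parses and its scheme is on the allowlist.
// The WHATWG URL parser strips leading/trailing whitespace and embedded
// tab/newline characters and lower-cases the scheme, so obfuscated
// variants of a disallowed scheme are normalized before the check.
function isSafeHref(raw) {
  const href = String(raw).trim();
  if (href === "") return false;
  let url;
  try {
    url = new URL(href, RESOLVE_BASE);
  } catch {
    return false; // unparseable input is rejected rather than passed through
  }
  return ALLOWED_SCHEMES.has(url.protocol);
}

// Returns the trimmed href when safe, otherwise an empty string so the
// caller drops the link (or replaces it with plain text).
function sanitizeHref(raw) {
  return isSafeHref(raw) ? String(raw).trim() : "";
}

// Applies the check to every {href, text} link object in a pasted fragment.
// Returns the links that survived and a count of those dropped.
function sanitizeLinks(links) {
  const kept = [];
  let dropped = 0;
  for (const link of links) {
    const href = sanitizeHref(link.href);
    if (href === "") {
      dropped += 1;
    } else {
      kept.push({ href, text: link.text });
    }
  }
  return { kept, dropped };
}
```

Wire `sanitizeHref` into whichever paste or attribute-change hook the editor or your server-side filter exposes; the function itself has no dependency on Trix.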
References
Related Issues
- Server secret was included in static assets and served to clients - Vulnerability
- Trix editor subject to XSS vulnerabilities on copy & paste - CVE-2024-53847
- @sveltejs/kit has unescaped error message included on error page - CVE-2024-53262
- CommonRegexJS Regular Expression Denial of Service vulnerability - CVE-2020-26305
Tags:
- npm
- trix
Last updated on January 03, 2025