Description
The Trix editor, versions prior to 2.1.11, is vulnerable to XSS when pasting malicious code in the link field.
Recommendation
Update the trix package to the latest compatible version. The version details are as follows:
- Affected version(s): < 2.1.12
- Patched version(s): 2.1.12
References
Related Issues
- Vega allows Cross-site Scripting via the vlSelectionTuples function - vega-selections - CVE-2025-25304
- Vega allows Cross-site Scripting via the vlSelectionTuples function - CVE-2025-25304
- Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS) - CVE-2025-27109
- Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace] - CVE-2025-27793
Tags: npm, trix
Last updated on January 03, 2025


