Description
The Trix editor, in versions prior to 2.1.9 on the 2.x line and prior to 1.3.3 on the 1.x line, is vulnerable to cross-site scripting (XSS), including mutation XSS (mXSS), when malicious content is pasted into the editor. In an mXSS attack the pasted markup passes the editor's sanitization, but when the browser re-serializes and re-parses it the DOM mutates into a form that executes script, so a victim who pastes attacker-controlled clipboard content into a Trix editor can have script run in the page.
Recommendation
Update the trix package to a patched release: 1.3.3 or later for the 1.x line, 2.1.9 or later for the 2.x line. Version details:

- Affected version(s): **>= 1.0.0, < 1.3.3** and **>= 2.0.0, < 2.1.9**
- Patched version(s): **1.3.3**, **2.1.9**
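The affected ranges above can be checked mechanically rather than by eye. The script below is an added example, not code from this advisory or from the Trix project; it reads a parsed npm package-lock.json (lockfileVersion 1, 2 or 3) and flags every installed copy of trix, including nested copies pinned by a transitive dependency, whose version falls inside the advisory's ranges. The sample lockfile embedded at the bottom is constructed for the demo.

```javascript
// Added example, not code from the advisory or the Trix project: flag
// installed copies of trix that fall inside the advisory's affected ranges.
// Ranges are taken from the advisory text: >=1.0.0 <1.3.3 and >=2.0.0 <2.1.9.

const AFFECTED_RANGES = [
  { min: "1.0.0", maxExclusive: "1.3.3" },
  { min: "2.0.0", maxExclusive: "2.1.9" },
];

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]". Build metadata is ignored,
// as semver specifies; the pre-release tag is kept only to order a
// pre-release below its final release.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Returns -1, 0 or 1. Simplification (assumption): two pre-releases of the
// same MAJOR.MINOR.PATCH compare equal, which is enough for range checks.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i] ? -1 : 1;
  }
  if (pa.pre && !pb.pre) return -1; // 2.1.9-beta.1 < 2.1.9, so it is still affected
  if (!pa.pre && pb.pre) return 1;
  return 0;
}

function isAffected(version) {
  return AFFECTED_RANGES.some(
    (r) => compareVersions(version, r.min) >= 0 && compareVersions(version, r.maxExclusive) < 0
  );
}

// Walk a parsed package-lock.json and report every installed trix, including
// nested copies under another package's node_modules, since a transitive
// dependency can pin an old release that the top-level range never sees.
// Supports lockfileVersion 2/3 ("packages" map) and 1 ("dependencies" tree).
function auditLock(lock) {
  const results = [];
  const record = (path, version) =>
    results.push({ path, version, affected: isAffected(version) });

  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === "node_modules/trix" || path.endsWith("/node_modules/trix")) {
        record(path, entry.version);
      }
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [name, entry] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        if (name === "trix") record(path, entry.version);
        if (entry.dependencies) walk(entry.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return results;
}

// Constructed sample lockfile (lockfileVersion 3) for the demo; not a real
// project's lockfile. The top-level trix is one patch behind; a wrapper
// library drags in a second, already patched, 1.x copy.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { trix: "^2.0.0" } },
    "node_modules/trix": { version: "2.1.8" },
    "node_modules/legacy-editor-wrapper": { version: "1.0.0", dependencies: { trix: "^1.2.0" } },
    "node_modules/legacy-editor-wrapper/node_modules/trix": { version: "1.3.3" },
  },
};

for (const r of auditLock(SAMPLE_LOCK)) {
  console.log(`${r.path}@${r.version}: ${r.affected ? "AFFECTED, update" : "patched"}`);
}
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. The range check deliberately treats a pre-release such as 2.1.9-beta.1 as still affected, because in semver ordering it precedes the 2.1.9 fix.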
References
Related Issues
- Trix has a Cross-site Scripting vulnerability on copy & paste - CVE-2024-43368
- Froala WYSIWYG editor allows cross-site scripting (XSS) - CVE-2024-51434
- Trix vulnerable to Cross-site Scripting on copy & paste - CVE-2025-46812
- Trix Editor Arbitrary Code Execution Vulnerability - CVE-2024-34341
Tags: npm, trix
Last updated on December 09, 2024