Description
The Trix editor, in versions prior to 2.1.15, is vulnerable to XSS attacks when pasting malicious code.
Recommendation
Update the trix package to the latest compatible version. Version details:
- Affected version(s): < 2.1.15
- Patched version(s): 2.1.15
References
Related Issues
- Trix has a cross-site Scripting vulnerability on copy & paste - CVE-2024-43368
- Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components - CVE-2025-1647
- jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin - CVE-2025-9910
- `vega-functions` vulnerable to Cross-site Scripting via `setdata` function - CVE-2025-66648
Tags: npm, trix
Last updated on May 08, 2025