Description
The Trix editor, in versions prior to 2.1.15, is vulnerable to XSS attacks when pasting malicious code.
Recommendation
Update the trix package to the latest compatible version. Version details:
- Affected version(s): < 2.1.15
- Patched version(s): 2.1.15
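One way to check a project against the affected range above, as an added example that is not part of the original advisory or of the trix project: it scans a parsed package-lock.json for trix installs below 2.1.15, including nested copies pulled in by other packages. The sample lockfile and its package names are constructed, and the version comparison is a simplified stand-in for full semver.

```javascript
// Added example: flag trix installs below the patched release in a package-lock.json.
const PATCHED = "2.1.15"; // patched version stated in the advisory

// Parse "major.minor.patch[-prerelease]" into comparable parts.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when `version` is strictly below the patched release.
// A prerelease of the patched version (e.g. 2.1.15-rc.1) sorts before it, so it counts as affected.
function isAffected(version, patched = PATCHED) {
  const a = parseVersion(version), b = parseVersion(patched);
  if (!a || !b) return true; // unparseable: fail closed and surface for review
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre && !b.pre;
}

// Walk a parsed lockfile (v2/v3 "packages" map, or v1 nested "dependencies").
function findAffectedTrix(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/trix$/.test(path) && isAffected(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "trix" && isAffected(info.version)) hits.push({ path, version: info.version });
      walk(info.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  packages: {
    "node_modules/trix": { version: "2.1.15" },
    "node_modules/legacy-admin/node_modules/trix": { version: "2.1.8" },
    "node_modules/trix-helpers": { version: "1.0.0" },
  },
};
console.log(findAffectedTrix(sampleLock));
```

To run it against a real project, pass the result of `JSON.parse` on the project's package-lock.json to `findAffectedTrix`; any returned path is a copy that still needs the update.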
References
Related Issues
- Valid ECDSA signatures erroneously rejected in Elliptic - CVE-2024-48948
- cors-anywhere vulnerable to server-side request forgery - CVE-2020-36851
- [email protected] contains malware after npm account takeover - CVE-2025-59144
- Froala WYSIWYG editor allows cross-site scripting (XSS) - CVE-2024-51434
Tags: npm, trix
Last updated on May 08, 2025