Description
The Trix editor, in versions prior to 2.1.15, is vulnerable to XSS attacks when pasting malicious code.
Recommendation
Update the trix package to the latest compatible version. Version details:
- Affected version(s): < 2.1.15
- Patched version(s): 2.1.15
References
Related Issues
- Trix has a cross-site Scripting vulnerability on copy & paste - CVE-2024-43368
- svelte vulnerable to Cross-site Scripting - CVE-2025-15265
- `vega-functions` vulnerable to Cross-site Scripting via `setdata` function - CVE-2025-66648
- @sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params - CVE-2025-32388
Tags
- npm
- trix
Last updated on May 08, 2025