Description
The Trix editor, in versions prior to 2.1.15, is vulnerable to XSS attacks when pasting malicious code.
Recommendation
Update the `trix` package to the latest compatible version. Version details:
- Affected version(s): < 2.1.15
- Patched version(s): 2.1.15
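
One way to check a project against the version range above, as an added example rather than code from the advisory or the Trix project. The function names `isAffected` and `findTrix` and the sample lockfile are constructed for illustration; the input is assumed to be a parsed npm `package-lock.json`.

```javascript
// Added example: flag trix installs below the patched release named on this page.
const PATCHED = [2, 1, 15]; // from the advisory: affected < 2.1.15

// True when `version` sorts below 2.1.15 (a prerelease of 2.1.15 counts as below).
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(version);
  if (!m) return true; // unparseable (git URL, tarball): report for manual review
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== PATCHED[i]) return n < PATCHED[i];
  }
  return Boolean(m[4]);
}

// Collect every resolved copy of trix from a parsed package-lock.json.
function findTrix(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/trix$/.test(path) && meta.version) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "trix" && meta.version) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits.map((h) => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/trix": { version: "2.1.12" },
    "node_modules/some-widget/node_modules/trix": { version: "2.1.15" },
    "node_modules/not-trix": { version: "1.0.0" },
  },
};

console.log(findTrix(sampleLock));
```

Nested copies matter here: a transitive dependency can pin its own older `trix` even after the top-level package has been updated.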
Related Issues
- cors-anywhere vulnerable to server-side request forgery - CVE-2020-36851
- Valid ECDSA signatures erroneously rejected in Elliptic - CVE-2024-48948
- Froala WYSIWYG editor allows cross-site scripting (XSS) - CVE-2024-51434
- Vue I18n Allows Prototype Pollution in `handleFlatJson` - CVE-2025-27597
Tags
- npm
- trix
Last updated on May 08, 2025