3 matches found
Cross-site Scripting (XSS)
Overview org.webjars.npm:trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to applying DOMPurify.isValidAttribute to data-trix-attachments before rendering them as anchor tags. An attacker can execute arbitrary JavaScript code within the...
GHSA-G9JG-W8VM-G96V Trix has a stored XSS vulnerability through its attachment attribute
Impact The Trix editor, in versions prior to 2.1.16, is vulnerable to XSS attacks through attachment payloads. An attacker could inject malicious code into a data-trix-attachment attribute that, when rendered as HTML and clicked on, could execute arbitrary JavaScript code within the context of th...
Cross-site Scripting (XSS)
Overview trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to applying DOMPurify.isValidAttribute to data-trix-attachments before rendering them as anchor tags. An attacker can execute arbitrary JavaScript code within the user's session,...