
6 matches found

CNNVD
added 2026/03/11 12:0 a.m. | 3 views

Quill Security Vulnerability

Quill is an open-source application developed by Quill. It provides an application editor function. Versions of Quill prior to 0.7.1 contained security vulnerabilities. These vulnerabilities stemmed from the unlimited reading of HTTP response bodies during Apple certification processes, which cou...

CVSS 5.3 | AI score 7.3 | EPSS 0.00017
Exploits: 0 | References: 1
Snyk
added 2026/01/13 9:51 p.m. | 11 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: quill is a modern rich text editor built for compatibility and extensibility. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') due to improper sanitization in the getHTML function. An...

CVSS 5.1 | AI score 7.1 | EPSS 0.00068
Exploits: 1 | References: 2
vulnersOsv
added 2026/01/13 9:51 p.m. | 3 views

org.iplass:iplass-admin (>=4.0.0 <=4.0.19), org.iplass:iplass-gem (>=4.0.0 <=4.0.19) +7 more potentially affected by CVE-2025-15056 via org.webjars.npm:quill (>=2.0.0-rc.2 <=2.0.2)

org.webjars.npm:quill MAVEN version =2.0.0-rc.2, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =2.10.2, =2.10.3-ssr.3 Source cves: CVE-2025-15056 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14927398...

CVSS 6.1 | AI score 5.8 | EPSS 0.00068
Exploits: 1
CVE
added 2026/01/13 8:39 p.m. | 13 views

CVE-2025-15056

The CVE-2025-15056 entry concerns Quill 2.0.3, where the HTML export feature contains a lack of data validation that enables Cross‑Site Scripting (XSS). The issue is documented across multiple sources (NVD, Red Hat, CIRCL, GHSA/OSV, and Snyk references) confirming the vulnerability in Quill’s HTM...

CVSS 6.1 | AI score 5.9 | EPSS 0.00068
Exploits: 1 | References: 2 | Affected Software: 1
Snyk
added 2024/09/16 5:17 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the QuillJS WYSIWYG editor in the admin panel, by modifying an HTML file before being uploaded to the server. Workaround: Users who are not able to upgrade to the fixed version can: 1 Review the user...

CVSS 6.8 | AI score 5.3 | EPSS 0.00631
Exploits: 0 | References: 2
CNNVD
added 2023/09/28 12:0 a.m. | 3 views

Quill Cross-Site Scripting Vulnerability

Quill is an open source application from Quill that provides application editor functionality. A cross-site scripting vulnerability exists in Quill quill-mention versions prior to 4.0.0, which stems from improper input cleanup and is susceptible to cross-site scripting (XSS) attacks...

CVSS 6.1 | AI score 5.8 | EPSS 0.01237
Exploits: 1 | References: 7