11 matches found
CVE-2021-3163
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload a crafted onloadstart attribute of an IMG element in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is intended...
Cross-Site Scripting
Overview A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload a crafted onloadstart attribute of an IMG element in a text field. No patch exists and no further releases are planned. Recommendation Avoid using quill as there ...
Cross-site Scripting in quill
A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload a crafted onloadstart attribute of an IMG element in a text field. No patch exists and no further releases are planned. This CVE is disputed. Researchers have claimed that...
Slab Quill Cross-Site Scripting Vulnerability
Slab Quill is a rich text editor with good compatibility and extensibility. A stored cross-site scripting vulnerability exists in the HTML editor of Slab Quill version 4.8.0, which can be exploited by an attacker to execute arbitrary JavaScript...
CVE-2021-3163
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload a crafted onloadstart attribute of an IMG element in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is intended...
CVE-2021-3163
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload a crafted onloadstart attribute of an IMG element in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is intended...
CVE-2021-3163
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload a crafted onloadstart attribute of an IMG element in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is intended...
CVE-2021-3163
Slab Quill 4.8.0 contains a stored XSS in its HTML editor. An attacker can inject JavaScript by storing an XSS payload using a crafted onloadstart attribute on an IMG element, leading to arbitrary script execution. Multiple sources (NVD entry, CNVD, OSV/GHSA advisories) describe the issue; adviso...
CVE-2021-3163
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload a crafted onloadstart attribute of an IMG element in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is intended...
PT-2021-19452 · Unknown · Slab Quill
Name of the Vulnerable Software and Affected Versions: Slab Quill version 4.8.0 Description: A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload, specifically a crafted onloadstart attribute of an IMG element, in a text...
Quill 跨站脚本漏洞
Slab Quill is a rich text editor with good compatibility and extensibility. A stored cross-site scripting vulnerability exists in the HTML editor of Slab Quill version 4.8.0, which can be exploited by an attacker to execute arbitrary JavaScript...