114 matches found
Cross-site Scripting (XSS)
Overview trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to applying DOMPurify.isValidAttribute to data-trix-attachments before rendering them as anchor tags. An attacker can execute arbitrary JavaScript code within the user's session,...
GHSA-G9JG-W8VM-G96V Trix has a stored XSS vulnerability through its attachment attribute
Impact The Trix editor, in versions prior to 2.1.16, is vulnerable to XSS attacks through attachment payloads. An attacker could inject malicious code into a data-trix-attachment attribute that, when rendered as HTML and clicked on, could execute arbitrary JavaScript code within the context of th...
Trix has a stored XSS vulnerability through its attachment attribute
The Trix editor, in versions prior to 2.1.16, is vulnerable to XSS attacks through attachment payloads. An attacker could inject malicious code into a data-trix-attachment attribute that, when rendered as HTML and clicked on, could execute arbitrary JavaScript code within the context of the user'...
EUVD-2024-2638
Malicious code in bioql PyPI...
EUVD-2024-3438
Malicious code in bioql PyPI...
EUVD-2025-0029
Malicious code in bioql PyPI...
EUVD-2025-14005
Malicious code in bioql PyPI...
EUVD-2024-1747
Malicious code in bioql PyPI...
CVE-2025-21610
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.12 are vulnerable to cross-site scripting when pasting malicious code in the link field. An attacker could trick the user to copy a malicious javascript: URL as a link that would execute arbitrary...
CVE-2024-43368
The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a text/html content type. However, Trix only checks the...
CVE-2024-34341
Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...
CVE-2024-53847
The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...
Cross-Site Scripting (XSS)
Trix is vulnerable to cross-site scripting XSS. The vulnerability is due to insufficient sanitization of pasted content, which allows an attacker to execute arbitrary JavaScript within the user’s session...
CVE-2025-46812
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...
CVE-2025-46812
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...
CVE-2025-46812 Trix vulnerable to Cross-site Scripting on copy & paste
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...
CVE-2025-46812 Trix vulnerable to Cross-site Scripting on copy & paste
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...
CVE-2025-46812
CVE-2025-46812 affects the Trix rich-text editor. Versions before 2.1.15 are vulnerable to XSS when pasting malicious content, enabling execution of arbitrary JavaScript in the user session; this could lead to unauthorized actions or data disclosure. The issue is patched in version 2.1.15. Remedi...
CVE-2025-46812 Trix vulnerable to Cross-site Scripting on copy & paste
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...
Cross-site Scripting (XSS)
Overview org.webjars.bower:trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the copy and paste functionality. An attacker can execute arbitrary JavaScript code within the user's session by tricking a user into pasting malicious...