Lucene search
K

114 matches found

Snyk
Snyk
added 2025/12/31 10:7 p.m.1 views

Cross-site Scripting (XSS)

Overview trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to applying DOMPurify.isValidAttribute to data-trix-attachments before rendering them as anchor tags. An attacker can execute arbitrary JavaScript code within the user's session,...

5.4CVSS5.3AI score
Exploits0References2
OSV
OSV
added 2025/12/31 10:7 p.m.4 views

GHSA-G9JG-W8VM-G96V Trix has a stored XSS vulnerability through its attachment attribute

Impact The Trix editor, in versions prior to 2.1.16, is vulnerable to XSS attacks through attachment payloads. An attacker could inject malicious code into a data-trix-attachment attribute that, when rendered as HTML and clicked on, could execute arbitrary JavaScript code within the context of th...

4.6CVSS6.1AI score
Exploits0References5
GitLab Advisory Database
GitLab Advisory Database
added 2025/12/31 12:0 a.m.6 views

Trix has a stored XSS vulnerability through its attachment attribute

The Trix editor, in versions prior to 2.1.16, is vulnerable to XSS attacks through attachment payloads. An attacker could inject malicious code into a data-trix-attachment attribute that, when rendered as HTML and clicked on, could execute arbitrary JavaScript code within the context of the user'...

6.5AI score
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2638

Malicious code in bioql PyPI...

6.5CVSS5.6AI score0.00487EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-3438

Malicious code in bioql PyPI...

5.1CVSS6.3AI score0.00444EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-0029

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00407EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-14005

Malicious code in bioql PyPI...

5.1CVSS6.3AI score0.00602EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.21 views

EUVD-2024-1747

Malicious code in bioql PyPI...

5.4CVSS5.4AI score0.00784EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2025/05/23 12:2 p.m.5 views

CVE-2025-21610

Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.12 are vulnerable to cross-site scripting when pasting malicious code in the link field. An attacker could trick the user to copy a malicious javascript: URL as a link that would execute arbitrary...

5.3CVSS6.4AI score0.00407EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:51 a.m.7 views

CVE-2024-43368

The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a text/html content type. However, Trix only checks the...

6.5CVSS6.3AI score0.00487EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:49 a.m.7 views

CVE-2024-34341

Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...

5.4CVSS7.4AI score0.00784EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:16 a.m.4 views

CVE-2024-53847

The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...

5.1CVSS5.5AI score0.00444EPSS
Exploits0References1
Veracode
Veracode
added 2025/05/15 3:35 a.m.12 views

Cross-Site Scripting (XSS)

Trix is vulnerable to cross-site scripting XSS. The vulnerability is due to insufficient sanitization of pasted content, which allows an attacker to execute arbitrary JavaScript within the user’s session...

5.1CVSS6.4AI score0.00602EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/10 8:8 p.m.27 views

CVE-2025-46812

Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...

5.1CVSS6.6AI score0.00602EPSS
Exploits0References1
NVD
NVD
added 2025/05/08 8:15 p.m.51 views

CVE-2025-46812

Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...

5.1CVSS0.00602EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/08 7:27 p.m.9 views

CVE-2025-46812 Trix vulnerable to Cross-site Scripting on copy & paste

Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...

5.1CVSS6.5AI score0.00602EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/08 7:27 p.m.53 views

CVE-2025-46812 Trix vulnerable to Cross-site Scripting on copy & paste

Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...

5.1CVSS0.00602EPSS
Exploits0References2
CVE
CVE
added 2025/05/08 7:27 p.m.76 views

CVE-2025-46812

CVE-2025-46812 affects the Trix rich-text editor. Versions before 2.1.15 are vulnerable to XSS when pasting malicious content, enabling execution of arbitrary JavaScript in the user session; this could lead to unauthorized actions or data disclosure. The issue is patched in version 2.1.15. Remedi...

5.1CVSS6.2AI score0.00602EPSS
Exploits0References2
OSV
OSV
added 2025/05/08 7:27 p.m.19 views

CVE-2025-46812 Trix vulnerable to Cross-site Scripting on copy & paste

Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...

5.1CVSS6.4AI score0.00602EPSS
Exploits0References4
Snyk
Snyk
added 2025/05/08 2:48 p.m.4 views

Cross-site Scripting (XSS)

Overview org.webjars.bower:trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the copy and paste functionality. An attacker can execute arbitrary JavaScript code within the user's session by tricking a user into pasting malicious...

6.1CVSS5.3AI score0.00602EPSS
Exploits0References2
Rows per page
Query Builder