16 matches found
org.iplass:iplass-admin (>=4.0.0 <=4.0.20), org.iplass:iplass-gem (>=4.0.0 <=4.0.20) +7 more potentially affected by CVE-2025-15056 via org.webjars.npm:quill (>=2.0.0-rc.2 <=2.0.2)
org.webjars.npm:quill MAVEN version =2.0.0-rc.2, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =2.10.2, =2.10.3-ssr.3 Source cves: CVE-2025-15056 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14927398...
EUVD-2023-2536
Malicious code in bioql PyPI...
CVE-2023-26149
Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might allow an injection attack when a Quill user hits @...
Cross Site Scripting (XSS)
quill-mention is vulnerable to Cross Site Scripting. The vulnerability is due to mention.js and quill.mention.js as there is no escaping or sanitization for the list items which are rendered using innerHTML. This allows an attacker to insert a malicious script in innerHTML. When the script is...
quill-mention Cross-site Scripting vulnerability
Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might allow an injection attack when a Quill user hits @...
@abler/ats-front-resources-api (>=1.3.100 <=1.16.136), @advinow-medical/core (>=1.0.20 <=1.1.77) +62 more potentially affected by CVE-2023-26149 via quill-mention (>=0.2.7 <=3.4.1)
quill-mention NPM version =0.2.7, =1.3.100, =1.0.20, =1.0.0, =0.0.3, =0.16.9, =0.4.10, =5.4.0, =0.0.2, =0.1.3, =1.0.0, =1.0.2, =0.1.1, =0.0.9-9.1, =1.9.0, =1.18.0 and more Source cves: CVE-2023-26149 Source advisory: OSV:GHSA-JGW5-RP4P-QHP6...
GHSA-JGW5-RP4P-QHP6 quill-mention Cross-site Scripting vulnerability
Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might allow an injection attack when a Quill user hits @...
CVE-2023-26149
Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might allow an injection attack when a Quill user hits @...
CVE-2023-26149
Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might allow an injection attack when a Quill user hits @...
Cross site scripting
Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might allow an injection attack when a Quill user hits @...
CVE-2023-26149
CVE-2023-26149 affects quill-mention before 4.0.0 with XSS risk due to improper user-input sanitization in renderList. The issue arises when the mentions list uses unsafe user-sourced data, enabling injection when a Quill user types @. The vulnerability is documented across multiple feeds (Red Ha...
CVE-2023-26149
Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might allow an injection attack when a Quill user hits @...
CVE-2023-26149
Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might allow an injection attack when a Quill user hits @...
Quill Cross-Site Scripting Vulnerability
Quill is a Quill open source application. Provides application editor functionality. A cross-site scripting vulnerability exists in Quill quill-mention versions prior to 4.0.0, which stems from improper input cleanup and is susceptible to cross-site scripting (XSS) attacks...
PT-2023-20527 · Unknown · Quill-Mention
Name of the Vulnerable Software and Affected Versions: quill-mention versions prior to 4.0.0. Description: The issue is related to improper user-input sanitization, which can lead to Cross-site Scripting (XSS) attacks. This occurs via the renderList function. If the mentions list is sourced from...
Cross-site Scripting (XSS)
Overview: quill-mention is a @mentions for the Quill rich text editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might...