3 matches found
CVE-2023-26149
Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting XSS due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might allow an injection attack when a Quill user hits @...
CVE-2023-26149
Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting XSS due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might allow an injection attack when a Quill user hits @...
CVE-2023-26149
Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting XSS due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might allow an injection attack when a Quill user hits @...