14 matches found
EUVD-2025-0029
Malicious code in bioql PyPI...
EUVD-2024-1747
Malicious code in bioql PyPI...
EUVD-2024-2638
Malicious code in bioql PyPI...
CVE-2024-34341
Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...
Trix vulnerable to Cross-site Scripting on copy & paste
Impact: The Trix editor, in versions prior to 2.1.15, is vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user into copying and pasting malicious code that would execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized...
CVE-2025-21610
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.12 are vulnerable to cross-site scripting when pasting malicious code in the link field. An attacker could trick the user into copying and pasting a malicious `javascript:` URL as a link that would execute...
Trix allows Cross-site Scripting via `javascript:` url in a link
The Trix editor, versions prior to 2.1.11, is vulnerable to XSS when pasting malicious code in the link field. Impact: An attacker could trick the user into copying and pasting a malicious `javascript:` URL as a link that would execute arbitrary JavaScript code within the context of the user's session,...
GHSA-J386-3444-QGWG Trix allows Cross-site Scripting via `javascript:` url in a link
The Trix editor, versions prior to 2.1.11, is vulnerable to XSS when pasting malicious code in the link field. Impact: An attacker could trick the user into copying and pasting a malicious `javascript:` URL as a link that would execute arbitrary JavaScript code within the context of the user's session,...
CVE-2025-21610 Trix allows Cross-site Scripting via `javascript:` url in a link
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.12 are vulnerable to cross-site scripting when pasting malicious code in the link field. An attacker could trick the user into copying and pasting a malicious `javascript:` URL as a link that would execute...
CVE-2024-53847 Trix vulnerable to Cross-site Scripting on copy & paste
The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting (XSS) and mutation XSS attacks when pasting malicious code. An attacker could trick a user into copying and pasting malicious code that would execute arbitrary JavaScript code within the context of the user's...
CVE-2024-53847 Trix vulnerable to Cross-site Scripting on copy & paste
The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting (XSS) and mutation XSS attacks when pasting malicious code. An attacker could trick a user into copying and pasting malicious code that would execute arbitrary JavaScript code within the context of the user's...
Basecamp: Mutation Based Stored XSS on Trix Editor version latest (2.1.8)
A vulnerability was discovered in the Trix Editor version 2.1.8 where a mutation-based stored cross-site scripting (XSS) attack was possible. The vulnerability could be exploited by crafting a malicious payload that, when copied and pasted into the editor, would trigger the execution of arbitrary...
Basecamp: Stored XSS on trix editor version 2.1.1
The Trix editor version 2.1.1 was vulnerable to stored cross-site scripting (XSS) attacks. The vulnerability was caused by improper sanitization of content pasted into the editor, allowing an attacker to embed malicious scripts that were executed within the context of the application...
PT-2024-25798 · Unknown · Trix Editor
Name of the Vulnerable Software and Affected Versions: Trix editor versions prior to 2.1.1; Trix editor versions prior to 2.1.4. Description: The Trix editor is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. This...