114 matches found
@caedman/arma (>=0.1.18 <=0.1.87), @caedman/armdda (>=0.1.85 <=1.1.89) +1 more potentially affected by CVE-2024-53847 via trix (>=1.3.0 <=1.3.1)
trix NPM version =1.3.0, =0.1.18, =0.1.85, =7.8.0, =9.2.2-alpha-margin Source cves: CVE-2024-53847 Source advisory: OSV:GHSA-6VX4-V2JW-QWQH...
Trix editor subject to XSS vulnerabilities on copy & paste
The Trix editor, in versions prior to 2.1.9 and 1.3.3, is vulnerable to XSS + mutation XSS attacks when pasting malicious code. Impact An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's session, potentially...
CVE-2024-53847
The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...
CVE-2024-53847 Trix vulnerable to Cross-site Scripting on copy & paste
The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...
CVE-2024-53847 Trix vulnerable to Cross-site Scripting on copy & paste
The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...
CVE-2024-53847
The CVE-2024-53847 entry concerns the Trix rich text editor prior to 2.1.9 and 1.3.3, which is vulnerable to XSS and mutation XSS when pasting malicious code. The described impact is execution of arbitrary JavaScript in the user’s session, potentially enabling unauthorized actions or data disclos...
CVE-2024-53847 Trix vulnerable to Cross-site Scripting on copy & paste
The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...
PT-2024-35949 · Trix · Trix
Name of the Vulnerable Software and Affected Versions: Trix editor versions prior to 2.1.9 and 1.3.3 Description: The issue concerns cross-site scripting XSS and mutation XSS attacks when pasting malicious code. An attacker could trick a user into copying and pasting malicious code, leading to th...
Trix 跨站脚本漏洞
Trix is a Basecamp open source rich text editor for everyday writing. A cross-site scripting vulnerability exists in Trix versions prior to 2.1.9 and prior to 1.3.3. The vulnerability stems from the susceptibility to cross-site scripting attacks when malicious code is pasted, which may result in...
Basecamp: Mutation Based Stored XSS on Trix Editor version latest (2.1.8)
A vulnerability was discovered in the Trix Editor version 2.1.8 where a mutation-based stored cross-site scripting XSS attack was possible. The vulnerability could be exploited by crafting a malicious payload that, when copied and pasted into the editor, would trigger the execution of arbitrary...
Cross Site Scripting(XSS)
Trix editor is vulnerable to Cross Site Scripting. The vulnerability is due to improper handling of text/html content types in the dataTransfer object during paste events, allowing attackers to execute arbitrary JavaScript by tricking users into pasting malicious code...
CVE-2024-43368
The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a text/html content type. However, Trix only checks the...
CVE-2024-43368 Trix has a Cross-Site Scripting (XSS) vulnerability on copy & paste
The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a text/html content type. However, Trix only checks the...
CVE-2024-43368 Trix has a Cross-Site Scripting (XSS) vulnerability on copy & paste
The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a text/html content type. However, Trix only checks the...
CVE-2024-43368
The CVE-2024-43368 issue affects the Trix editor (versions before 2.1.4). Root cause: paste sanitation only checks the paste dataTransfer for a text/html content type, then creates an Attachment whose content is used as innerHTML, even if the attachment itself isn’t text/html. This enables cross-...
CVE-2024-43368 Trix has a Cross-Site Scripting (XSS) vulnerability on copy & paste
The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a text/html content type. However, Trix only checks the...
@9troisquarts/ant-form (>=2.3.0 <=6.0.1), @beliantech/bt-components (>=0.8.0 <=0.33.11) +105 more potentially affected by CVE-2024-43368 via trix (>=0.10.2 <=2.1.19)
trix NPM version =0.10.2, =2.3.0, =0.8.0, =0.1.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.5, =4.0.0-alpha.1, =0.1.18, =0.1.85, =0.1.0, =0.2.0, =1.0.0, =1.1.1-beta.44 and more Source cves: CVE-2024-43368 Source advisory: OSV:GHSA-QM2Q-9F3Q-2VCV...
GHSA-QM2Q-9F3Q-2VCV Trix has a cross-site Scripting vulnerability on copy & paste
The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99. In https://github.com/basecamp/trix/pull/1149, we added sanitation for...
Trix has a cross-site Scripting vulnerability on copy & paste
The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99. In https://github.com/basecamp/trix/pull/1149, we added sanitation for...
Trix 安全漏洞
Trix is a Basecamp open source rich text editor for everyday writing. A security vulnerability exists in versions prior to Trix 2.1.4 that stems from the presence of cross-site scripting, which allows an attacker to trick a user into copying and pasting malicious code, and then executing arbitrar...