Lucene search
K

114 matches found

vulnersOsv
vulnersOsv
added 2024/12/09 8:38 p.m.13 views

@caedman/arma (>=0.1.18 <=0.1.87), @caedman/armdda (>=0.1.85 <=1.1.89) +1 more potentially affected by CVE-2024-53847 via trix (>=1.3.0 <=1.3.1)

trix NPM version =1.3.0, =0.1.18, =0.1.85, =7.8.0, =9.2.2-alpha-margin Source cves: CVE-2024-53847 Source advisory: OSV:GHSA-6VX4-V2JW-QWQH...

5.1CVSS6AI score0.00444EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/12/09 8:38 p.m.17 views

Trix editor subject to XSS vulnerabilities on copy & paste

The Trix editor, in versions prior to 2.1.9 and 1.3.3, is vulnerable to XSS + mutation XSS attacks when pasting malicious code. Impact An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's session, potentially...

5.1CVSS6.4AI score0.00444EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/12/09 7:15 p.m.12 views

CVE-2024-53847

The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...

5.1CVSS0.00444EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/09 6:49 p.m.18 views

CVE-2024-53847 Trix vulnerable to Cross-site Scripting on copy & paste

The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...

5.1CVSS0.00444EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/09 6:49 p.m.5 views

CVE-2024-53847 Trix vulnerable to Cross-site Scripting on copy & paste

The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...

5.1CVSS5.8AI score0.00444EPSS
Exploits0References2
CVE
CVE
added 2024/12/09 6:49 p.m.60 views

CVE-2024-53847

The CVE-2024-53847 entry concerns the Trix rich text editor prior to 2.1.9 and 1.3.3, which is vulnerable to XSS and mutation XSS when pasting malicious code. The described impact is execution of arbitrary JavaScript in the user’s session, potentially enabling unauthorized actions or data disclos...

5.1CVSS5.5AI score0.00444EPSS
Exploits0References2
OSV
OSV
added 2024/12/09 6:49 p.m.7 views

CVE-2024-53847 Trix vulnerable to Cross-site Scripting on copy & paste

The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...

5.1CVSS5.7AI score0.00444EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.4 views

PT-2024-35949 · Trix · Trix

Name of the Vulnerable Software and Affected Versions: Trix editor versions prior to 2.1.9 and 1.3.3 Description: The issue concerns cross-site scripting XSS and mutation XSS attacks when pasting malicious code. An attacker could trick a user into copying and pasting malicious code, leading to th...

5.1CVSS5.6AI score0.00444EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.6 views

Trix 跨站脚本漏洞

Trix is a Basecamp open source rich text editor for everyday writing. A cross-site scripting vulnerability exists in Trix versions prior to 2.1.9 and prior to 1.3.3. The vulnerability stems from the susceptibility to cross-site scripting attacks when malicious code is pasted, which may result in...

5.1CVSS5.2AI score0.00444EPSS
Exploits0References2
Hacker One
Hacker One
added 2024/11/04 2:9 p.m.22 views

Basecamp: Mutation Based Stored XSS on Trix Editor version latest (2.1.8)

A vulnerability was discovered in the Trix Editor version 2.1.8 where a mutation-based stored cross-site scripting XSS attack was possible. The vulnerability could be exploited by crafting a malicious payload that, when copied and pasted into the editor, would trigger the execution of arbitrary...

6AI score
Exploits0
Veracode
Veracode
added 2024/08/16 8:16 a.m.19 views

Cross Site Scripting(XSS)

Trix editor is vulnerable to Cross Site Scripting. The vulnerability is due to improper handling of text/html content types in the dataTransfer object during paste events, allowing attackers to execute arbitrary JavaScript by tricking users into pasting malicious code...

6.5CVSS7.6AI score0.00487EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2024/08/14 10:15 p.m.26 views

CVE-2024-43368

The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a text/html content type. However, Trix only checks the...

6.5CVSS0.00487EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/08/14 9:12 p.m.27 views

CVE-2024-43368 Trix has a Cross-Site Scripting (XSS) vulnerability on copy & paste

The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a text/html content type. However, Trix only checks the...

6.5CVSS6.3AI score0.00487EPSS
Exploits0References6
OSV
OSV
added 2024/08/14 9:12 p.m.22 views

CVE-2024-43368 Trix has a Cross-Site Scripting (XSS) vulnerability on copy & paste

The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a text/html content type. However, Trix only checks the...

6.5CVSS5.7AI score0.00487EPSS
Exploits0References8
CVE
CVE
added 2024/08/14 9:12 p.m.73 views

CVE-2024-43368

The CVE-2024-43368 issue affects the Trix editor (versions before 2.1.4). Root cause: paste sanitation only checks the paste dataTransfer for a text/html content type, then creates an Attachment whose content is used as innerHTML, even if the attachment itself isn’t text/html. This enables cross-...

6.5CVSS6.4AI score0.00487EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/08/14 9:12 p.m.26 views

CVE-2024-43368 Trix has a Cross-Site Scripting (XSS) vulnerability on copy & paste

The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a text/html content type. However, Trix only checks the...

6.5CVSS0.00487EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2024/08/14 6:11 p.m.12 views

@9troisquarts/ant-form (>=2.3.0 <=6.0.1), @beliantech/bt-components (>=0.8.0 <=0.33.11) +105 more potentially affected by CVE-2024-43368 via trix (>=0.10.2 <=2.1.19)

trix NPM version =0.10.2, =2.3.0, =0.8.0, =0.1.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.5, =4.0.0-alpha.1, =0.1.18, =0.1.85, =0.1.0, =0.2.0, =1.0.0, =1.1.1-beta.44 and more Source cves: CVE-2024-43368 Source advisory: OSV:GHSA-QM2Q-9F3Q-2VCV...

6.5CVSS6AI score0.00487EPSS
Exploits0
OSV
OSV
added 2024/08/14 6:11 p.m.37 views

GHSA-QM2Q-9F3Q-2VCV Trix has a cross-site Scripting vulnerability on copy & paste

The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99. In https://github.com/basecamp/trix/pull/1149, we added sanitation for...

6.5CVSS6AI score0.00487EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2024/08/14 6:11 p.m.38 views

Trix has a cross-site Scripting vulnerability on copy & paste

The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99. In https://github.com/basecamp/trix/pull/1149, we added sanitation for...

6.5CVSS6.2AI score0.00487EPSS
Exploits0References9Affected Software1
CNNVD
CNNVD
added 2024/08/14 12:0 a.m.5 views

Trix 安全漏洞

Trix is a Basecamp open source rich text editor for everyday writing. A security vulnerability exists in versions prior to Trix 2.1.4 that stems from the presence of cross-site scripting, which allows an attacker to trick a user into copying and pasting malicious code, and then executing arbitrar...

6.5CVSS5.5AI score0.00487EPSS
Exploits0References7
Rows per page
Query Builder