114 matches found
SUSE CVE-2024-34341
Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...
Internet Bug Bounty: [CVE-2024-32464] ActionText ContentAttachment’s can Contain Unsanitized HTML
CVE-2024-32464 ActionText ContentAttachment's can Contain Unsanitized HTML Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag were discovered to potentially contain unsanitized HTML. This vulnerability was assigned the CVE identifier CVE-2024-32464. Versions...
GHSA-PRJP-H48F-JGF6 ActionText ContentAttachment can Contain Unsanitized HTML
Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: = 7.1.0 Not affected: 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a...
ActionText ContentAttachment can Contain Unsanitized HTML
Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: = 7.1.0 Not affected: 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a...
ActionText ContentAttachment can Contain Unsanitized HTML
Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: = 7.1.0 Not affected: 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a...
ActionText ContentAttachment can Contain Unsanitized HTML
Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: = 7.1.0 Not affected: 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a...
Basecamp: Stored XSS on trix editor version 2.1.1
The Trix editor version 2.1.1 was vulnerable to stored cross-site scripting XSS attacks. The vulnerability was caused by improper sanitization of content pasted into the editor, allowing an attacker to embed malicious scripts that were executed within the context of the application...
GHSA-QJQP-XR96-CJ99 Trix Editor Arbitrary Code Execution Vulnerability
The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...
lesli-vue (>=1.0.1 <=1.0.3) potentially affected by CVE-2024-34341 +1 more via trix (>=2.0.10 <=2.0.8)
trix NPM version =2.0.10, =1.0.1, =1.0.3 Source cves: CVE-2024-34341, CVE-2024-43368 Source advisory: OSV:GHSA-QJQP-XR96-CJ99...
@caedman/arma (>=0.1.18 <=0.1.87), @caedman/armdda (>=0.1.85 <=1.1.89) +5 more potentially affected by CVE-2024-34341 +1 more via trix (>=0.9.1 <=1.3.1)
trix NPM version =0.9.1, =0.1.18, =0.1.85, =7.8.0, =1.0.0, =1.0.3 Source cves: CVE-2024-34341, CVE-2024-43368 Source advisory: OSV:GHSA-QJQP-XR96-CJ99...
Trix Editor Arbitrary Code Execution Vulnerability
The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...
CVE-2024-34341
Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...
CVE-2024-34341 The Trix Editor Contains an Arbitrary Code Execution Vulnerability
Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...
CVE-2024-34341 The Trix Editor Contains an Arbitrary Code Execution Vulnerability
Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...
CVE-2024-34341
CVE-2024-34341 (Trix editor) affects Trix prior to 2.1.1. The issue arises from improper sanitization when pasting content with markup from the web or documents, allowing arbitrary scripts to be embedded that execute in the application context. The impact is described as arbitrary code execution ...
CVE-2024-34341 The Trix Editor Contains an Arbitrary Code Execution Vulnerability
Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...
PT-2024-30531 · Unknown · Trix Editor
Name of the Vulnerable Software and Affected Versions: Trix editor versions prior to 2.1.4 Description: The issue is related to a bypass of a previous fix, allowing an attacker to execute arbitrary JavaScript code within the context of the user's session when pasting malicious code. This occurs...
Trix 安全漏洞
Trix is a Basecamp open source rich text editor for everyday writing. A security vulnerability exists in versions prior to Trix 2.1.1 that stems from improper cleanup of pasted content...
Arbitrary Code Execution Vulnerability in Trix Editor included in ActionText
From version 7.0 onwards the ActionText gem includes a copy of the Trix rich text editor. Prior to versions 7.0.8.3 and 7.1.3.3, ActionText included a version of Trix that is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into t...
PT-2024-25798 · Unknown · Trix Editor
Name of the Vulnerable Software and Affected Versions: Trix editor versions prior to 2.1.1 Trix editor versions prior to 2.1.4 Description: The Trix editor is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. This...