Lucene search
K

114 matches found

SUSE CVE
SUSE CVE
added 2024/06/24 11:18 p.m.3 views

SUSE CVE-2024-34341

Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...

5.4CVSS6.3AI score0.00784EPSS
Exploits0References4
Hacker One
Hacker One
added 2024/06/09 5:46 a.m.45 views

Internet Bug Bounty: [CVE-2024-32464] ActionText ContentAttachment’s can Contain Unsanitized HTML

CVE-2024-32464 ActionText ContentAttachment's can Contain Unsanitized HTML Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag were discovered to potentially contain unsanitized HTML. This vulnerability was assigned the CVE identifier CVE-2024-32464. Versions...

6.1CVSS6AI score0.00434EPSS
Exploits0
OSV
OSV
added 2024/06/04 10:26 p.m.89 views

GHSA-PRJP-H48F-JGF6 ActionText ContentAttachment can Contain Unsanitized HTML

Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: = 7.1.0 Not affected: 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a...

6.1CVSS5.9AI score0.00434EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/06/04 10:26 p.m.28 views

ActionText ContentAttachment can Contain Unsanitized HTML

Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: = 7.1.0 Not affected: 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a...

6.1CVSS5.9AI score0.00434EPSS
Exploits0References5Affected Software1
RubySec
RubySec
added 2024/06/04 12:0 a.m.25 views

ActionText ContentAttachment can Contain Unsanitized HTML

Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: = 7.1.0 Not affected: 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a...

6.1CVSS6.1AI score0.00434EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/06/04 12:0 a.m.46 views

ActionText ContentAttachment can Contain Unsanitized HTML

Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: = 7.1.0 Not affected: 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a...

6.1CVSS6.5AI score0.00434EPSS
Exploits0References5Affected Software1
Hacker One
Hacker One
added 2024/05/27 10:14 a.m.9 views

Basecamp: Stored XSS on trix editor version 2.1.1

The Trix editor version 2.1.1 was vulnerable to stored cross-site scripting XSS attacks. The vulnerability was caused by improper sanitization of content pasted into the editor, allowing an attacker to embed malicious scripts that were executed within the context of the application...

5.4CVSS5.4AI score0.00784EPSS
Exploits0
OSV
OSV
added 2024/05/07 4:49 p.m.26 views

GHSA-QJQP-XR96-CJ99 Trix Editor Arbitrary Code Execution Vulnerability

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...

5.4CVSS6.7AI score0.00784EPSS
Exploits0References15
vulnersOsv
vulnersOsv
added 2024/05/07 4:49 p.m.13 views

lesli-vue (>=1.0.1 <=1.0.3) potentially affected by CVE-2024-34341 +1 more via trix (>=2.0.10 <=2.0.8)

trix NPM version =2.0.10, =1.0.1, =1.0.3 Source cves: CVE-2024-34341, CVE-2024-43368 Source advisory: OSV:GHSA-QJQP-XR96-CJ99...

6.5CVSS6AI score0.00784EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/05/07 4:49 p.m.8 views

@caedman/arma (>=0.1.18 <=0.1.87), @caedman/armdda (>=0.1.85 <=1.1.89) +5 more potentially affected by CVE-2024-34341 +1 more via trix (>=0.9.1 <=1.3.1)

trix NPM version =0.9.1, =0.1.18, =0.1.85, =7.8.0, =1.0.0, =1.0.3 Source cves: CVE-2024-34341, CVE-2024-43368 Source advisory: OSV:GHSA-QJQP-XR96-CJ99...

6.5CVSS6AI score0.00784EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/05/07 4:49 p.m.37 views

Trix Editor Arbitrary Code Execution Vulnerability

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...

5.4CVSS6.5AI score0.00784EPSS
Exploits0References15Affected Software2
NVD
NVD
added 2024/05/07 4:15 p.m.53 views

CVE-2024-34341

Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...

5.4CVSS6AI score0.00784EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/05/07 3:13 p.m.55 views

CVE-2024-34341 The Trix Editor Contains an Arbitrary Code Execution Vulnerability

Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...

5.4CVSS6.2AI score0.00784EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/05/07 3:13 p.m.17 views

CVE-2024-34341 The Trix Editor Contains an Arbitrary Code Execution Vulnerability

Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...

5.4CVSS6AI score0.00784EPSS
Exploits0References6
CVE
CVE
added 2024/05/07 3:13 p.m.78 views

CVE-2024-34341

CVE-2024-34341 (Trix editor) affects Trix prior to 2.1.1. The issue arises from improper sanitization when pasting content with markup from the web or documents, allowing arbitrary scripts to be embedded that execute in the application context. The impact is described as arbitrary code execution ...

5.4CVSS7.3AI score0.00784EPSS
Exploits0References6
OSV
OSV
added 2024/05/07 3:13 p.m.32 views

CVE-2024-34341 The Trix Editor Contains an Arbitrary Code Execution Vulnerability

Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...

5.4CVSS6AI score0.00784EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.3 views

PT-2024-30531 · Unknown · Trix Editor

Name of the Vulnerable Software and Affected Versions: Trix editor versions prior to 2.1.4 Description: The issue is related to a bypass of a previous fix, allowing an attacker to execute arbitrary JavaScript code within the context of the user's session when pasting malicious code. This occurs...

6.5CVSS5.8AI score0.00784EPSS
Exploits0References28
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.62 views

Trix 安全漏洞

Trix is a Basecamp open source rich text editor for everyday writing. A security vulnerability exists in versions prior to Trix 2.1.1 that stems from improper cleanup of pasted content...

5.4CVSS5.2AI score0.00784EPSS
Exploits0References7
RubySec
RubySec
added 2024/05/07 12:0 a.m.23 views

Arbitrary Code Execution Vulnerability in Trix Editor included in ActionText

From version 7.0 onwards the ActionText gem includes a copy of the Trix rich text editor. Prior to versions 7.0.8.3 and 7.1.3.3, ActionText included a version of Trix that is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into t...

5.4CVSS7.9AI score0.00784EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.4 views

PT-2024-25798 · Unknown · Trix Editor

Name of the Vulnerable Software and Affected Versions: Trix editor versions prior to 2.1.1 Trix editor versions prior to 2.1.4 Description: The Trix editor is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. This...

9.8CVSS6.3AI score0.01103EPSS
Exploits1References41
Rows per page
Query Builder