trix is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of pasted content, which allows attackers to embed malicious scripts that execute within the application's context.
github.com/basecamp/trix/commit/1a5c68a14d48421fc368e30026f4a7918028b7ad
github.com/basecamp/trix/commit/841ff19b53f349915100bca8fcb488214ff93554
github.com/basecamp/trix/pull/1147
github.com/basecamp/trix/pull/1149
github.com/basecamp/trix/releases/tag/v2.1.1
github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99