While working on the canine project, I identified a stored Cross-Site Scripting (XSS) vulnerability in the Trix editor package. The issue occurs due to improper sanitization of the data-trix-attachment attribute. Malicious JavaScript can be injected into stored editor content and later executed when the attachment is rendered or interacted with, affecting users who view the content.
CVE Link
CVE Report
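A defensive audit of stored editor content, added here as an example (it is not code from Trix or from the report): it parses every data-trix-attachment attribute and flags unsafe URL schemes or script-capable markup inside the attachment JSON. The report does not say which field was affected, so the field names href, url and content, like the sample values, are assumptions constructed for illustration.

```python
import json, re
from html import escape
from html.parser import HTMLParser

SAFE_SCHEMES = {"http", "https", "mailto", ""}  # "" means a relative URL
URL_FIELDS, MARKUP_FIELDS = ("href", "url"), ("content",)  # assumed JSON field names

def scheme_ok(url):
    cleaned = "".join(ch for ch in url if ch > " ").lower()  # browsers skip tabs/newlines
    m = re.match(r"([a-z][a-z0-9+.-]*):", cleaned)
    return (m.group(1) if m else "") in SAFE_SCHEMES

class Scanner(HTMLParser):  # prefix: None for the stored document, else the field name
    def __init__(self, prefix=None):
        super().__init__(convert_charrefs=True)
        self.prefix, self.findings = prefix, []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "data-trix-attachment":
                self.findings += audit_attachment(value or "")
            elif self.prefix and name.startswith("on"):
                self.findings.append(f"{self.prefix}: event handler {name}")
            elif self.prefix and name in ("href", "src") and not scheme_ok(value or ""):
                self.findings.append(f"{self.prefix}: unsafe {name} scheme")
        if self.prefix and tag in ("script", "iframe", "object", "embed"):
            self.findings.append(f"{self.prefix}: active tag <{tag}>")

def audit_attachment(raw):
    try:
        get = json.loads(raw).get  # html.parser has already decoded the entities
    except (ValueError, AttributeError):
        return ["attachment is not a JSON object"]
    findings = [f"unsafe scheme in {f}" for f in URL_FIELDS
                if isinstance(get(f), str) and not scheme_ok(get(f))]
    for f in MARKUP_FIELDS:
        if isinstance(get(f), str):
            findings += scan(get(f), prefix=f)  # nested markup is parsed, not pattern-matched
    return findings

def scan(html, prefix=None):
    scanner = Scanner(prefix)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

def sample(attachment):  # constructed <figure>, shaped like stored editor content
    return f'<figure data-trix-attachment="{escape(json.dumps(attachment))}"></figure>'

BENIGN = sample({"contentType": "image/png", "url": "https://example.com/a.png"})
SUSPECT = sample({"href": "java\tscript:void(0)", "content": "<img src=x onerror=x>"})
```

An empty list from scan() means no attachment in the document was flagged; any finding is a reason to re-sanitize or quarantine that record before it is rendered.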