GHSA-qmpg-8xg6-ph5q.yml
---
gem: action_text-trix
ghsa: qmpg-8xg6-ph5q
url: https://github.com/basecamp/trix/security/advisories/GHSA-qmpg-8xg6-ph5q
title: Trix has a Stored XSS vulnerability through serialized attributes
date: 2026-03-12
description: |
  ### Impact
  The Trix editor, in versions prior to 2.1.17, is vulnerable to XSS
  attacks when a `data-trix-serialized-attributes` attribute bypasses
  the DOMPurify sanitizer.

  An attacker could craft HTML containing a `data-trix-serialized-attributes`
  attribute with a malicious payload that, when the content is rendered,
  could execute arbitrary JavaScript code within the context of the user's
  session, potentially leading to unauthorized actions being performed
  or sensitive information being disclosed.

  ### Patches
  Update Recommendation: Users should upgrade to Trix editor
  version 2.1.17 or later.

  ### References
  The XSS vulnerability was responsibly reported by HackerOne
  researcher [newbiefromcoma](https://hackerone.com/newbiefromcoma).
cvss_v3: 4.6
patched_versions:
  - ">= 2.1.17"
related:
  url:
    - https://github.com/basecamp/trix/security/advisories/GHSA-qmpg-8xg6-ph5q
    - https://github.com/basecamp/trix/releases/tag/v2.1.17
    - https://github.com/basecamp/trix/pull/1282
    - https://github.com/basecamp/trix/commit/53197ab5a142e6b0b76127cb790726b274eaf1bc
    - https://github.com/advisories/GHSA-qmpg-8xg6-ph5q