CVE-2021-3163
npm/quill
Cross-site Scripting
A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field.
Version 4.8.0
Unfortunately, there is no solution available yet.
2021-04-30
source |