CVE-2021-3163

Cross-site Scripting in npm/quill

Identifiers

CVE-2021-3163

Package Slug

npm/quill

Vulnerability

Cross-site Scripting

Description

A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field.

Affected Versions

Version 4.8.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-04-30

source