CVE-2021-3163 – quill

Package

Manager: npm
Name: quill
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v4.0: N/A

EPSS: 0.00496 pctl0.64792

Details

Cross-site Scripting in quill A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted `onloadstart` attribute of an IMG element) in a text field. No patch exists and no further releases are planned. This CVE is disputed. Researchers have claimed that this issue is not within the product itself, but is intended behavior in a web browser. More information can be found [here](https://github.com/quilljs/quill/issues/3364).

Metadata

Created: 2021-05-10T15:38:12Z
Modified: 2024-08-09T14:41:50Z
Source: MANUAL
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-4943-9vgg-gr5r
Finding: N/A
Auto approve: 0