GHSA-4943-9vgg-gr5r
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4943-9vgg-gr5r
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-4943-9vgg-gr5r/GHSA-4943-9vgg-gr5r.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4943-9vgg-gr5r
- Aliases
-
- CVE-2021-3163
- Published
- 2021-05-10T15:38:12Z
- Modified
- 2023-11-08T04:05:50.176505Z
- Severity
-
- CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Summary
- Cross-site Scripting in quill
- Details
-
A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted
onloadstartattribute of an IMG element) in a text field. No patch exists and no further releases are planned.This CVE is disputed. Researchers have claimed that this issue is not within the product itself, but is intended behavior in a web browser. More information can be found here.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-3163
- https://github.com/quilljs/quill/issues/3273
- https://github.com/quilljs/quill/issues/3359
- https://github.com/quilljs/quill/issues/3364
- https://burninatorsec.blogspot.com/2021/04/cve-2021-3163-xss-slab-quill-js.html
- https://github.com/quilljs/quill
- https://quilljs.com
Affected packages
npm / quill
Package
- Name
- quill
- View open source insights on deps.dev
- Purl
- pkg:npm/quill