XSS in Basecamp Trix
CVE-2024-53847
The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting (XSS) and mutation XSS attacks when pasting malicious code. An attacker could trick a user into copying and pasting malicious code that would execut…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (34.8th percentile)
Affected products
- Basecamp Trix, versions >= 2.0.0, < 2.1.9 and versions >= 1.0.0, < 1.3.3
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)