XSS in Basecamp Trix

CVE-2025-46812

Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would ex…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.006 (44.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References