XSS in Basecamp Trix
CVE-2025-46812
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user into copying and pasting malicious code that would ex…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.006 (44.3th percentile)
Affected products
- Basecamp Trix — versions < 2.1.15