CVE-2024-43368— Trix 安全漏洞

Trix has a Cross-Site Scripting (XSS) vulnerability on copy & paste

The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a `text/html` content type. However, Trix only checks the content type on the paste event's `dataTransfer` object. As long as the `dataTransfer` has a content type of `text/html`, Trix parses its contents and creates an `Attachment` with them, even if the attachment itself doesn't have a `text/html` content type. Trix then uses the attachment content to set the attachment element's `innerHTML`. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized actions being performed or sensitive information being disclosed. This vulnerability was fixed in version 2.1.4.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Trix 安全漏洞

Trix是Basecamp开源的一个适用于日常写作的丰富文本编辑器。 Trix 2.1.4之前版本存在安全漏洞，该漏洞源于存在跨站脚本，攻击者可以诱骗用户复制和粘贴恶意代码，然后在用户会话的上下文中执行任意JavaScript代码，从而导致执行未经授权的操作或泄露敏感信息。

N/A

N/A