Skip to main content

Quill

2 CVEs product

Monthly

CVE-2025-15056 npm MEDIUM This Month

A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3.

XSS Quill
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2021-3163 npm MEDIUM POC This Month

A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quill
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
EPSS 0% CVSS 5.1
MEDIUM This Month

A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3.

XSS Quill
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Quill
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy