Tiptap Extension Link

1 CVEs product

CVE-2025-14284 npm LOW POC PATCH Monitor

Stored cross-site scripting (XSS) in @tiptap/extension-link before version 2.10.4 allows attackers to execute arbitrary JavaScript by injecting javascript: URL payloads into link attributes during link creation or modification. The vulnerability requires user interaction to trigger the payload and impacts the integrity of affected web applications. Publicly available exploit code exists, and a vendor-released patch is available in version 2.10.4.

XSS Tiptap Extension Link
NVD GitHub
CVSS 4.0: 2.0
EPSS: 0.1%