Trix Editor Cross-Site Scripting Vulnerability via Malicious Links
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in the Trix editor, a WYSIWYG rich text editor, in versions prior to 2.1.12. The issue arises when users paste malicious 'javascript:' URLs into the link field, which can execute arbitrary JavaScript within the user's session. This could lead to unauthorized actions or the disclosure of sensitive information.
Impact
Exploitation allows for cross-site scripting, executing JavaScript in the context of the user's session on the affected site.
Reproduction
To reproduce this vulnerability, use Trix Editor version 2.1.11 or earlier. Paste a 'javascript:' URL into the link field and add the link. After removing the 'contenteditable' attribute from the editor, the link can be clicked, executing the JavaScript alert.
Remediation
Users should upgrade to Trix Editor version 2.1.12 or later. Additionally, consider implementing a Content Security Policy (CSP) that disallows 'javascript:' URLs and restricts script execution to the same origin.
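As an added defensive example, not code from the Trix project or from this advisory: an allow-list check a host application can apply to a link href before accepting it, normalizing the input the way the WHATWG URL parser does (leading/trailing control characters and spaces dropped, embedded tab and newline removed) so that case tricks and inserted whitespace do not hide the scheme. The allowed scheme set and the base URL used to resolve relative links are assumptions.

```javascript
// Added example (not Trix code): scheme allow-list for editor link hrefs.
// Assumption: only http, https and mailto links are acceptable here.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Mirror the URL parser's pre-processing so the check and the browser
// agree on what the scheme is: strip leading/trailing C0 controls and
// spaces, then remove any embedded tab, LF or CR characters.
function normalizeHref(href) {
  return String(href)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Returns true only when the href parses and its scheme is allow-listed.
// Relative hrefs resolve against `base` (an assumed placeholder origin)
// and therefore inherit its https: scheme.
function isSafeHref(href, base = "https://example.invalid/") {
  const cleaned = normalizeHref(href);
  if (cleaned === "") return false;
  let url;
  try {
    url = new URL(cleaned, base);
  } catch {
    return false; // unparsable input is rejected, not guessed at
  }
  return ALLOWED_SCHEMES.has(url.protocol); // protocol is already lower-cased
}

// Returns the normalized href when safe, or null when it must be dropped.
function sanitizeHref(href) {
  return isSafeHref(href) ? normalizeHref(href) : null;
}
```

The allow-list approach is deliberately stricter than blocking the `javascript:` scheme alone, since any scheme not on the list (for example `data:`) is also rejected.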