QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3163

Published: Apr 12, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is intended behavior in a web browser

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://quilljs.com

x_refsource_MISC

https://burninatorsec.blogspot.com/2021/04/cve-2021-3163-xss-slab-quill-js.html

x_refsource_MISC

https://github.com/quilljs/quill/issues/3273

x_refsource_MISC

https://github.com/quilljs/quill/issues/3364

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.