Description
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is intended behavior in a web browser
Remediation
References
https://burninatorsec.blogspot.com/2021/04/cve-2021-3163-xss-slab-quill-js.html
https://github.com/quilljs/quill/issues/3273
https://github.com/quilljs/quill/issues/3364
https://quilljs.com
Related Vulnerabilities
CVE-2017-1000486 Vulnerability in maven package org.primefaces:primefaces
CVE-2023-23850 Vulnerability in maven package org.jenkins-ci.plugins:synopsys-coverity
CVE-2021-37712 Vulnerability in npm package tar
CVE-2019-5427 Vulnerability in maven package com.mchange:c3p0
CVE-2022-31170 Vulnerability in npm package @openzeppelin/contracts-upgradeable