quill-mention@3.0.3 vulnerabilities
@mentions for the Quill rich text editor
-
latest version
6.0.2
-
latest non vulnerable version
-
first published
7 years ago
-
latest version published
15 days ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the quill-mention package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
quill-mention is a @mentions for the Quill rich text editor Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the Note: If the mentions list is sourced from unsafe (user-sourced) data, this might allow an injection attack when a Quill user hits How to fix Cross-site Scripting (XSS)? Upgrade |
<4.0.0
|