NodeJS/quill/1.3.7
Your powerful, rich text editor
https://www.npmjs.com/package/quill
BSD-3-Clause
1 Security Vulnerability
Cross-site Scripting in quill
Published date: 2021-05-10T15:38:12Z
CVE: CVE-2021-3163
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3163
- https://github.com/advisories/GHSA-4943-9vgg-gr5r
- https://github.com/quilljs/quill/issues/3273
- https://github.com/quilljs/quill/issues/3359
- https://burninatorsec.blogspot.com/2021/04/cve-2021-3163-xss-slab-quill-js.html
- https://quilljs.com
- https://github.com/quilljs/quill/issues/3364
A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. No patch exists and no further releases are planned.
This CVE is disputed. Researchers have claimed that this issue is not within the product itself, but is intended behavior in a web browser. More information can be found here.
Affected versions:
["0.1.0", "0.1.1", "0.1.2", "0.1.4", "0.1.5", "0.1.5-1", "0.19.0", "0.19.1", "0.19.2", "0.19.3", "0.19.4", "0.19.5", "0.19.7", "0.19.8", "0.19.10", "0.19.11", "0.19.12", "0.19.14", "0.20.0", "0.20.1", "1.0.0-beta.0", "1.0.0-beta.1", "1.0.0-beta.2", "1.0.0-beta.3", "1.0.0-beta.4", "1.0.0-beta.5", "1.0.0-beta.6", "1.0.0-beta.8", "1.0.0-beta.9", "1.0.0-beta.10", "1.0.0-beta.11", "1.0.0-rc.0", "1.0.0-rc.1", "1.0.0-rc.2", "1.0.0-rc.3", "1.0.0-rc.4", "1.0.0", "1.0.2", "1.0.3", "1.0.4", "1.0.6", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.1.5", "1.1.6", "1.1.7", "1.1.8", "1.1.9", "1.1.10", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4", "1.3.5", "1.3.6", "1.3.7"]
Secure versions:
[2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, 2.0.0-rc.0, 2.0.0-rc.1, 2.0.0-rc.2, 2.0.0-rc.3, 2.0.0-rc.4, 2.0.0-rc.5, 2.0.0, 2.0.1, 2.0.2]
Recommendation:
Update to version 2.0.2.
78 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
0.1.0 | BSD-3-Clause | 2 | 2012-03-25 - 16:10 | about 12 years |
0.1.1 | BSD-3-Clause | 2 | 2012-03-25 - 16:12 | about 12 years |
0.1.2 | BSD-3-Clause | 2 | 2012-03-25 - 16:20 | about 12 years |
0.1.4 | BSD-3-Clause | 2 | 2012-03-25 - 17:02 | about 12 years |
0.1.5 | BSD-3-Clause | 2 | 2012-03-27 - 21:12 | about 12 years |
0.1.5-1 | BSD-3-Clause | 2 | 2012-03-28 - 00:37 | about 12 years |
0.19.0 | BSD-3-Clause | 2 | 2014-11-07 - 05:15 | over 9 years |
0.19.1 | BSD-3-Clause | 2 | 2014-11-07 - 18:41 | over 9 years |
0.19.2 | BSD-3-Clause | 2 | 2014-11-08 - 01:55 | over 9 years |
0.19.3 | BSD-3-Clause | 2 | 2014-11-10 - 03:03 | over 9 years |
0.19.4 | BSD-3-Clause | 2 | 2014-11-16 - 22:53 | over 9 years |
0.19.5 | BSD-3-Clause | 2 | 2014-11-24 - 00:41 | over 9 years |
0.19.7 | BSD-3-Clause | 2 | 2014-11-25 - 02:30 | over 9 years |
0.19.8 | BSD-3-Clause | 2 | 2014-12-09 - 06:20 | over 9 years |
0.19.10 | BSD-3-Clause | 2 | 2015-03-20 - 07:26 | about 9 years |
0.19.11 | BSD-3-Clause | 2 | 2015-04-25 - 23:59 | about 9 years |
0.19.12 | BSD-3-Clause | 2 | 2015-05-08 - 23:31 | about 9 years |
0.19.14 | BSD-3-Clause | 2 | 2015-06-16 - 23:52 | almost 9 years |
0.20.0 | BSD-3-Clause | 2 | 2015-07-27 - 23:01 | almost 9 years |
0.20.1 | BSD-3-Clause | 2 | 2015-11-11 - 07:53 | over 8 years |
1.0.0-beta.0 | BSD-3-Clause | 2 | 2016-05-03 - 19:18 | about 8 years |
1.0.0-beta.1 | BSD-3-Clause | 2 | 2016-05-10 - 00:53 | about 8 years |
1.0.0-beta.2 | BSD-3-Clause | 2 | 2016-05-15 - 05:08 | about 8 years |
1.0.0-beta.3 | BSD-3-Clause | 2 | 2016-05-25 - 03:36 | almost 8 years |
1.0.0-beta.4 | BSD-3-Clause | 2 | 2016-06-03 - 05:56 | almost 8 years |
1.0.0-beta.5 | BSD-3-Clause | 2 | 2016-06-14 - 02:41 | almost 8 years |
1.0.0-beta.6 | BSD-3-Clause | 2 | 2016-06-21 - 00:20 | almost 8 years |
1.0.0-beta.8 | BSD-3-Clause | 2 | 2016-07-08 - 04:54 | almost 8 years |
1.0.0-beta.9 | BSD-3-Clause | 2 | 2016-07-19 - 00:24 | almost 8 years |
1.0.0-beta.10 | BSD-3-Clause | 2 | 2016-08-03 - 03:26 | almost 8 years |
1.0.0-beta.11 | BSD-3-Clause | 2 | 2016-08-03 - 21:10 | almost 8 years |
1.0.0-rc.0 | BSD-3-Clause | 2 | 2016-08-18 - 07:19 | over 7 years |
1.0.0-rc.1 | BSD-3-Clause | 2 | 2016-08-23 - 05:39 | over 7 years |
1.0.0-rc.2 | BSD-3-Clause | 2 | 2016-08-23 - 22:00 | over 7 years |
1.0.0-rc.3 | BSD-3-Clause | 2 | 2016-08-29 - 23:08 | over 7 years |
1.0.0-rc.4 | BSD-3-Clause | 2 | 2016-08-31 - 18:34 | over 7 years |
1.0.0 | BSD-3-Clause | 2 | 2016-09-06 - 16:01 | over 7 years |
1.0.2 | BSD-3-Clause | 2 | 2016-09-07 - 07:03 | over 7 years |
1.0.3 | BSD-3-Clause | 2 | 2016-09-07 - 22:38 | over 7 years |
1.0.4 | BSD-3-Clause | 2 | 2016-09-19 - 01:01 | over 7 years |
1.0.6 | BSD-3-Clause | 2 | 2016-09-30 - 00:03 | over 7 years |
1.1.0 | BSD-3-Clause | 2 | 2016-10-17 - 03:13 | over 7 years |
1.1.1 | BSD-3-Clause | 2 | 2016-10-21 - 00:57 | over 7 years |
1.1.2 | BSD-3-Clause | 2 | 2016-10-24 - 00:37 | over 7 years |
1.1.3 | BSD-3-Clause | 2 | 2016-10-24 - 21:00 | over 7 years |
1.1.5 | BSD-3-Clause | 2 | 2016-11-07 - 22:57 | over 7 years |
1.1.6 | BSD-3-Clause | 2 | 2016-12-08 - 18:36 | over 7 years |
1.1.7 | BSD-3-Clause | 2 | 2016-12-13 - 08:45 | over 7 years |
1.1.8 | BSD-3-Clause | 2 | 2016-12-23 - 09:10 | over 7 years |
1.1.9 | BSD-3-Clause | 2 | 2017-01-02 - 04:54 | over 7 years |
1.1.10 | BSD-3-Clause | 2 | 2017-01-16 - 01:22 | over 7 years |
1.2.0 | BSD-3-Clause | 2 | 2017-01-21 - 09:21 | over 7 years |
1.2.1 | BSD-3-Clause | 2 | 2017-02-27 - 05:10 | about 7 years |
1.2.2 | BSD-3-Clause | 2 | 2017-02-27 - 09:28 | about 7 years |
1.2.3 | BSD-3-Clause | 2 | 2017-03-29 - 04:14 | about 7 years |
1.2.4 | BSD-3-Clause | 2 | 2017-04-18 - 03:44 | about 7 years |
1.2.5 | BSD-3-Clause | 2 | 2017-05-29 - 04:56 | almost 7 years |
1.2.6 | BSD-3-Clause | 2 | 2017-06-05 - 17:21 | almost 7 years |
1.3.0 | BSD-3-Clause | 2 | 2017-07-17 - 06:03 | almost 7 years |
1.3.1 | BSD-3-Clause | 2 | 2017-08-07 - 09:04 | almost 7 years |
1.3.2 | BSD-3-Clause | 2 | 2017-09-04 - 03:18 | over 6 years |
1.3.3 | BSD-3-Clause | 2 | 2017-10-09 - 06:02 | over 6 years |
1.3.4 | BSD-3-Clause | 2 | 2017-11-06 - 07:36 | over 6 years |
1.3.5 | BSD-3-Clause | 2 | 2018-01-22 - 19:24 | over 6 years |
1.3.6 | BSD-3-Clause | 2 | 2018-03-12 - 06:39 | about 6 years |
1.3.7 | BSD-3-Clause | 1 | 2019-09-09 - 07:15 | over 4 years |
2.0.0-beta.0 | BSD-3-Clause | | 2023-12-08 - 01:40 | 5 months |
2.0.0-beta.1 | BSD-3-Clause | | 2024-01-21 - 14:50 | 4 months |
2.0.0-beta.2 | BSD-3-Clause | | 2024-01-30 - 10:38 | 4 months |
2.0.0-rc.0 | BSD-3-Clause | | 2024-02-03 - 06:08 | 4 months |
2.0.0-rc.1 | BSD-3-Clause | | 2024-02-12 - 04:37 | 3 months |
2.0.0-rc.2 | BSD-3-Clause | | 2024-02-15 - 08:05 | 3 months |
2.0.0-rc.3 | BSD-3-Clause | | 2024-03-16 - 02:46 | 2 months |
2.0.0-rc.4 | BSD-3-Clause | | 2024-03-24 - 04:43 | about 2 months |
2.0.0-rc.5 | BSD-3-Clause | | 2024-04-04 - 13:36 | about 1 month |
2.0.0 | BSD-3-Clause | | 2024-04-17 - 00:45 | about 1 month |
2.0.1 | BSD-3-Clause | | 2024-05-01 - 09:11 | 17 days |
2.0.2 | BSD-3-Clause | | 2024-05-13 - 06:46 | 5 days |