Summary
- Trix is a rich-text editor that can be embedded in a web page so that users can create and edit formatted content in the browser.
- According to the write-up, version 2.1.1 did not properly sanitize content copied and pasted into the editor from other sources.
- An attacker could therefore paste crafted markup into the editor; once saved, it was rendered back as hypertext markup language (HTML) rather than as plain text.
- On unpatched sites this is effectively a stored cross-site scripting (XSS) issue: injected script could run in other users' browsers, hijack their sessions, or read personal information.
- The issue was responsibly disclosed, and the maker of Trix released version 2.2.1, which sanitizes pasted content to prevent this kind of attack.
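The class of fix described above is an allow-list sanitizer run over clipboard HTML before it is inserted into the editor's document. The following is an added example written for this page; it is not Trix's own code, and the tag list, attribute list and URL-scheme rule are assumptions chosen to illustrate the technique, not Trix's actual configuration. The sample pastes at the bottom are constructed.

```javascript
// Added example (not Trix's code): allow-list sanitizer for pasted HTML.
// Everything not explicitly permitted is dropped, which is what keeps
// event handlers, script elements and javascript: URLs out of the document.

// Assumed allow-list for the demo; a real editor would use its own schema.
const ALLOWED_TAGS = new Set([
  "p", "br", "div", "b", "strong", "i", "em", "u", "a", "ul", "ol", "li", "img",
]);

// Attributes permitted per tag. Anything else (onerror, onclick, style,
// srcdoc, ...) is discarded because it is simply not in the list.
const ALLOWED_ATTRS = {
  a: new Set(["href"]),
  img: new Set(["src", "alt"]),
};

// URL forms accepted in href/src. Allow-listing the scheme means
// javascript:, data:, vbscript: and entity-encoded variants are all rejected
// without having to decode or deny-list them.
const SAFE_URL = /^(?:https?:|mailto:|\/|#|\.\/|\.\.\/)/i;

function escapeAttr(value) {
  return value
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Rebuild the attribute string for one tag, keeping only allowed names and
// (for URL attributes) only allowed schemes.
function sanitizeAttrs(tag, attrText) {
  const allowed = ALLOWED_ATTRS[tag] || new Set();
  const attrRe = /([^\s=\/"'<>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let out = "";
  let m;
  while ((m = attrRe.exec(attrText)) !== null) {
    const name = m[1].toLowerCase();
    const value = (m[2] ?? m[3] ?? m[4] ?? "").trim();
    if (!allowed.has(name)) continue;
    if ((name === "href" || name === "src") && !SAFE_URL.test(value)) continue;
    out += ` ${name}="${escapeAttr(value)}"`;
  }
  return out;
}

// Sanitize an HTML fragment as pasted from the clipboard.
function sanitizeHtml(html) {
  // 1. Remove elements whose *content* is dangerous, together with that content.
  const cleaned = html.replace(
    /<(script|style|iframe|object|embed|template)\b[^>]*>[\s\S]*?<\/\1\s*>/gi,
    "",
  );
  // 2. Walk the remaining tokens. Allowed tags are re-emitted with filtered
  //    attributes; disallowed tags are dropped but their text content is kept.
  //    Text tokens never contain '<', so they cannot open a new tag, and an
  //    unclosed <script> that survived step 1 is dropped here as a plain tag.
  const tokenRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b([^>]*?)\/?>|<!--[\s\S]*?-->|<|[^<]+/g;
  let out = "";
  let m;
  while ((m = tokenRe.exec(cleaned)) !== null) {
    const token = m[0];
    if (token.startsWith("<!--")) continue; // drop comments
    if (m[2] === undefined) {
      out += token === "<" ? "&lt;" : token; // text, or a stray '<'
      continue;
    }
    const closing = m[1] === "/";
    const tag = m[2].toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) continue;
    if (closing) {
      if (tag !== "br" && tag !== "img") out += `</${tag}>`;
    } else {
      out += `<${tag}${sanitizeAttrs(tag, m[3])}>`;
    }
  }
  return out;
}

// Constructed sample pastes of the kind the write-up describes.
const samples = [
  '<img src="https://example.org/x.png" onerror="alert(1)">',
  '<a href="javascript:alert(1)">click</a>',
  '<p>hello<script>alert(document.cookie)</script></p>',
];
for (const s of samples) console.log(JSON.stringify(s), "->", JSON.stringify(sanitizeHtml(s)));

module.exports = { sanitizeHtml, sanitizeAttrs };
```

The point of the design is that it is an allow-list: a new attack vector (a fresh event-handler attribute, an exotic URL scheme) is blocked by default rather than needing a new rule. The regex tokenizer is adequate for a demo but a production editor should parse with the browser's DOM (or a library such as DOMPurify) so that malformed markup is interpreted the same way the browser will interpret it.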
By Monika Sharma
Original Article