A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS).
This issue affects Quill: 2.0.3.
CVSS Score
5.1
EPSS Score
0.001
Published
2026-01-13
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is intended behavior in a web browser
CVSS Score
6.1
EPSS Score
0.005
Published
2021-04-12