CVE-2025-46812 – Trix Cross-Site Scripting Vulnerability

May 8, 2025

CVE ID : CVE-2025-46812

Published : May 8, 2025, 8:15 p.m. | 3 hours, 22 minutes ago

Description : Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user’s session, potentially leading to unauthorized actions being performed or sensitive information being disclosed. This issue has been patched in version 2.1.15.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46833 – Apache SimplePythonEncryption RSA Brute Force Decryption Vulnerability

Next Article CVE-2025-46712 – Erlang/OTP SSH Man-in-the-Middle Injection Vulnerability

Highlights

CVE-2025-32955 – Harden-Runner Docker Privilege Escalation Vulnerability

April 21, 2025

CVE ID : CVE-2025-32955

Published : April 21, 2025, 9:15 p.m. | 1 hour, 16 minutes ago

Description : Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a policy option `disable-sudo` to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with the Docker daemon to launch privileged containers or access the host filesystem. This allows the attacker to regain root access or restore the sudoers file, effectively bypassing the restriction. This issue has been patched in version 2.12.0.

Severity: 6.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Your password manager is under attack, and this new threat makes it worse: How to defend yourself

EcoFlow’s new backyard solar energy system starts at $599 – no installation crews or permits needed

Why Sonos’ cheapest smart speaker is one of my favorites – even a year after its release

7 productivity gadgets I can’t live without (and why they make such a big difference)

Tap into Your PHP Potential with Free Projects at PHPGurukul

Tap into Your PHP Potential with Free Projects at PHPGurukul

Preparing for AI? Here’s How PIM Gets Your Data in Shape

A Closer Look at the AI Assistant of Oracle Analytics

kew v3.2.0 improves internet radio support and more

kew v3.2.0 improves internet radio support and more

GNOME Replace Totem Video Player with Showtime

Placemark is a web-based tool for geospatial data

CVE-2025-46812 – Trix Cross-Site Scripting Vulnerability

SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models

Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach

Tiny Models, Big Reasoning Gains: USC Researchers Introduce Tina for Cost-Effective Reinforcement Learning with LoRA

Syncing icons in Figma

TargetJ â€“ New JavaScript framework that can animate anything

A Comprehensive Analytical Framework for Mathematical Reasoning in Multimodal Large Language Models

CVE-2025-32955 – Harden-Runner Docker Privilege Escalation Vulnerability

Autho: Your Authy Desktop Alternative and Beyond (Open Source)

CVE-2025-46532 – Haris Zulfiqar Tooltip Cross-site Scripting (XSS)

[Podcast] What if You Didnâ€™t Need People To Make Your Technology Work?

CVE-2025-46812 – Trix Cross-Site Scripting Vulnerability

Related Posts