CVE-2025-15056: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in Slab Quill
A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3.
CVE-2025-15056: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in Slab Quill
Description
A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Fluid Attacks
- Date Reserved
- 2025-12-23T18:21:36.039Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 6966b182a60475309fb4b26e
Added to database: 1/13/2026, 8:56:34 PM
Last updated: 1/13/2026, 8:56:43 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-22871: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in DataDog guarddog
HighCVE-2026-22870: CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) in DataDog guarddog
HighCVE-2026-22869: CWE-94: Improper Control of Generation of Code ('Code Injection') in eigent-ai eigent
HighCVE-2026-22868: CWE-20: Improper Input Validation in ethereum go-ethereum
HighCVE-2026-22862: CWE-20: Improper Input Validation in ethereum go-ethereum
HighActions
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.