[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-34341":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":47,"downstream":48,"duplicates":57,"related":58,"reserved_at":9,"published_at":65,"modified_at":66,"state":67,"summary":68,"references_raw":77,"kevs":145,"epss":146,"epss_history":149,"metrics":414,"affected":424},"CVE-2024-34341","Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application. Users should upgrade to Trix editor version 2.1.1 or later, which incorporates proper sanitization of input from copied content.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[46],"GHSA-qjqp-xr96-cj99",[],[49,51,53,55],{"_key":50},"OPENSUSE-SU-2024:14068-1",{"_key":52},"OPENSUSE-SU-2024:14074-1",{"_key":54},"OPENSUSE-SU-2025:15111-1",{"_key":56},"OPENSUSE-SU-2025:15124-1",[],[59,61,62,63,64],{"_key":60},"CVE-2024-43368",{"_key":50},{"_key":52},{"_key":54},{"_key":56},"2024-05-07T15:13:03.137Z","2024-08-02T02:51:09.811Z","Deferred",{"cisa_kev":69,"cisa_ransomware":69,"cisa_vendor":9,"epss_severity":70,"epss_score":71,"severity":72,"severity_score":73,"severity_version":74,"severity_source":75,"severity_vector":76,"severity_status":67},false,"low",0.00551,"medium",5.4,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",[78,86,91,95,99,103,107,112,116,120,124,128,133,137,141],{"url":79,"sources":80,"tags":83},"https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99",[75,81,82],"nvd","osv_npm",[84,85],"X Refsource CONFIRM","WEB",{"url":87,"sources":88,"tags":89},"https://github.com/basecamp/trix/pull/1147",[75,81,82],[90,85],"X Refsource MISC",{"url":92,"sources":93,"tags":94},"https://github.com/basecamp/trix/pull/1149",[75,81,82],[90,85],{"url":96,"sources":97,"tags":98},"https://github.com/basecamp/trix/commit/1a5c68a14d48421fc368e30026f4a7918028b7ad",[75,81,82],[90,85],{"url":100,"sources":101,"tags":102},"https://github.com/basecamp/trix/commit/841ff19b53f349915100bca8fcb488214ff93554",[75,81,82],[90,85],{"url":104,"sources":105,"tags":106},"https://github.com/basecamp/trix/releases/tag/v2.1.1",[75,81,82],[90,85],{"url":108,"sources":109,"tags":110},"https://nvd.nist.gov/vuln/detail/CVE-2024-34341",[82],[111],"Advisory",{"url":113,"sources":114,"tags":115},"https://github.com/rails/rails/commit/07e6c88cc4defe6f6b8d28e79eb13a518e15b14c",[82],[85],{"url":117,"sources":118,"tags":119},"https://github.com/rails/rails/commit/260cb392fc1ee91d0b749cff08d1c8d54b230bd3",[82],[85],{"url":121,"sources":122,"tags":123},"https://github.com/rails/rails/commit/73fac32511eefdd45d8f00fecc2b8cc5408ea6d5",[82],[85],{"url":125,"sources":126,"tags":127},"https://discuss.rubyonrails.org/t/xss-vulnerabilities-in-trix-editor/85803",[82],[85],{"url":129,"sources":130,"tags":131},"https://github.com/basecamp/trix",[82],[132],"PACKAGE",{"url":134,"sources":135,"tags":136},"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-34341.yml",[82],[85],{"url":138,"sources":139,"tags":140},"https://rubyonrails.org/2024/5/17/Rails-Versions-7-0-8-2-and-7-1-3-3-have-been-released",[82],[85],{"url":142,"sources":143,"tags":144},"https://rubyonrails.org/2024/5/17/Rails-Versions-7-0-8-3-has-been-released",[82],[85],[],{"date":147,"score":71,"percentile":148},"2026-06-04",0.68343,[150,154,157,160,163,166,169,172,174,177,180,183,186,189,191,195,198,201,204,206,209,212,215,217,220,223,226,229,233,236,239,242,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287,289,292,295,298,301,304,307,310,313,315,318,321,324,327,330,332,335,338,341,344,347,350,353,356,359,362,364,367,370,373,376,379,381,384,387,390,393,396,399,402,405,408,411],{"date":151,"score":152,"percentile":153},"2025-11-04",0.00406,0.60355,{"date":155,"score":152,"percentile":156},"2025-11-05",0.6034,{"date":158,"score":152,"percentile":159},"2025-11-06",0.60343,{"date":161,"score":152,"percentile":162},"2025-11-07",0.60359,{"date":164,"score":152,"percentile":165},"2025-11-08",0.60362,{"date":167,"score":152,"percentile":168},"2025-11-09",0.60357,{"date":170,"score":152,"percentile":171},"2025-11-10",0.6033,{"date":173,"score":152,"percentile":159},"2025-11-11",{"date":175,"score":152,"percentile":176},"2025-11-12",0.60368,{"date":178,"score":152,"percentile":179},"2025-11-13",0.60375,{"date":181,"score":152,"percentile":182},"2025-11-14",0.60384,{"date":184,"score":152,"percentile":185},"2025-11-15",0.60374,{"date":187,"score":152,"percentile":188},"2025-11-16",0.60361,{"date":190,"score":152,"percentile":162},"2025-11-17",{"date":192,"score":193,"percentile":194},"2025-11-18",0.00788,0.71728,{"date":196,"score":193,"percentile":197},"2025-11-19",0.71734,{"date":199,"score":193,"percentile":200},"2025-11-20",0.71742,{"date":202,"score":152,"percentile":203},"2025-11-21",0.60373,{"date":205,"score":152,"percentile":185},"2025-11-22",{"date":207,"score":152,"percentile":208},"2025-11-23",0.60356,{"date":210,"score":152,"percentile":211},"2025-11-24",0.60354,{"date":213,"score":152,"percentile":214},"2025-11-25",0.60358,{"date":216,"score":152,"percentile":162},"2025-11-26",{"date":218,"score":152,"percentile":219},"2025-11-27",0.60365,{"date":221,"score":152,"percentile":222},"2025-11-28",0.60342,{"date":224,"score":152,"percentile":225},"2025-11-29",0.60317,{"date":227,"score":152,"percentile":228},"2025-11-30",0.60309,{"date":230,"score":231,"percentile":232},"2025-12-01",0.00232,0.45978,{"date":234,"score":231,"percentile":235},"2025-12-02",0.45993,{"date":237,"score":231,"percentile":238},"2025-12-03",0.45986,{"date":240,"score":152,"percentile":241},"2025-12-04",0.60303,{"date":243,"score":152,"percentile":244},"2025-12-05",0.6031,{"date":246,"score":152,"percentile":247},"2025-12-06",0.60301,{"date":249,"score":152,"percentile":250},"2025-12-07",0.60294,{"date":252,"score":152,"percentile":253},"2025-12-08",0.60297,{"date":255,"score":152,"percentile":256},"2025-12-09",0.60333,{"date":258,"score":152,"percentile":259},"2025-12-10",0.60379,{"date":261,"score":152,"percentile":262},"2025-12-11",0.60399,{"date":264,"score":152,"percentile":265},"2025-12-12",0.60417,{"date":267,"score":152,"percentile":268},"2025-12-13",0.60418,{"date":270,"score":152,"percentile":271},"2025-12-14",0.60414,{"date":273,"score":152,"percentile":274},"2025-12-15",0.60388,{"date":276,"score":152,"percentile":277},"2025-12-16",0.60411,{"date":279,"score":152,"percentile":280},"2025-12-17",0.60426,{"date":282,"score":152,"percentile":283},"2025-12-18",0.60469,{"date":285,"score":152,"percentile":286},"2025-12-19",0.60478,{"date":288,"score":152,"percentile":286},"2025-12-20",{"date":290,"score":152,"percentile":291},"2025-12-21",0.60464,{"date":293,"score":152,"percentile":294},"2025-12-22",0.60458,{"date":296,"score":152,"percentile":297},"2025-12-23",0.6047,{"date":299,"score":152,"percentile":300},"2025-12-24",0.60481,{"date":302,"score":152,"percentile":303},"2025-12-25",0.60514,{"date":305,"score":152,"percentile":306},"2025-12-26",0.60511,{"date":308,"score":152,"percentile":309},"2025-12-27",0.60563,{"date":311,"score":152,"percentile":312},"2025-12-28",0.60486,{"date":314,"score":152,"percentile":300},"2025-12-29",{"date":316,"score":152,"percentile":317},"2025-12-30",0.60493,{"date":319,"score":152,"percentile":320},"2025-12-31",0.60515,{"date":322,"score":231,"percentile":323},"2026-01-01",0.46098,{"date":325,"score":231,"percentile":326},"2026-01-02",0.46075,{"date":328,"score":231,"percentile":329},"2026-01-03",0.46061,{"date":331,"score":152,"percentile":306},"2026-01-04",{"date":333,"score":152,"percentile":334},"2026-01-05",0.60497,{"date":336,"score":152,"percentile":337},"2026-01-06",0.60508,{"date":339,"score":152,"percentile":340},"2026-01-07",0.60533,{"date":342,"score":152,"percentile":343},"2026-01-08",0.60559,{"date":345,"score":152,"percentile":346},"2026-01-09",0.60561,{"date":348,"score":152,"percentile":349},"2026-01-10",0.60555,{"date":351,"score":152,"percentile":352},"2026-01-11",0.60539,{"date":354,"score":152,"percentile":355},"2026-01-12",0.60516,{"date":357,"score":152,"percentile":358},"2026-01-13",0.60479,{"date":360,"score":152,"percentile":361},"2026-01-14",0.60519,{"date":363,"score":152,"percentile":361},"2026-01-15",{"date":365,"score":152,"percentile":366},"2026-01-16",0.60541,{"date":368,"score":152,"percentile":369},"2026-01-17",0.60534,{"date":371,"score":152,"percentile":372},"2026-01-18",0.60531,{"date":374,"score":152,"percentile":375},"2026-01-19",0.60518,{"date":377,"score":152,"percentile":378},"2026-01-20",0.6053,{"date":380,"score":152,"percentile":340},"2026-01-21",{"date":382,"score":152,"percentile":383},"2026-01-22",0.60536,{"date":385,"score":152,"percentile":386},"2026-01-23",0.60575,{"date":388,"score":152,"percentile":389},"2026-01-24",0.60582,{"date":391,"score":152,"percentile":392},"2026-01-25",0.60547,{"date":394,"score":152,"percentile":395},"2026-01-26",0.60537,{"date":397,"score":152,"percentile":398},"2026-01-27",0.60542,{"date":400,"score":152,"percentile":401},"2026-01-28",0.60554,{"date":403,"score":152,"percentile":404},"2026-01-29",0.60556,{"date":406,"score":152,"percentile":407},"2026-01-30",0.60558,{"date":409,"score":152,"percentile":410},"2026-01-31",0.60564,{"date":412,"score":231,"percentile":413},"2026-02-01",0.45887,[415,420,422],{"source":75,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":416,"cvss_v4_0":9},{"baseScore":73,"baseSeverity":417,"vectorString":76,"impactScore":418,"exploitabilityScore":419},"MEDIUM",4.2,7.2,{"source":81,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":421,"cvss_v4_0":9},{"baseScore":73,"baseSeverity":417,"vectorString":76,"impactScore":418,"exploitabilityScore":419},{"source":82,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":423,"cvss_v4_0":9},{"baseScore":73,"baseSeverity":9,"vectorString":76,"impactScore":418,"exploitabilityScore":419},[425,435,450],{"ecosystem":9,"name":426,"vendor":427,"product":426,"cpe_part":428,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":429},"trix","basecamp","a",[430],{"version":431,"is_range":432,"range_type":75,"version_start":9,"version_start_type":9,"version_end":433,"version_end_type":434,"fixed_in":9},"\u003C 2.1.1",true,"2.1.1","excluding",{"ecosystem":436,"name":437,"vendor":436,"product":437,"cpe_part":9,"purl_type":438,"purl_namespace":9,"purl_name":437,"source":9,"versions":439},"RubyGems","actiontext","gem",[440,446],{"version":441,"is_range":432,"range_type":442,"version_start":443,"version_start_type":444,"version_end":445,"version_end_type":434,"fixed_in":9},"gte7_0_0_alpha1_lt7_0_8_3","ecosystem","7.0.0.alpha1","including","7.0.8.3",{"version":447,"is_range":432,"range_type":442,"version_start":448,"version_start_type":444,"version_end":449,"version_end_type":434,"fixed_in":9},"gte7_1_0_beta1_lt7_1_3_3","7.1.0.beta1","7.1.3.3",{"ecosystem":451,"name":426,"vendor":451,"product":426,"cpe_part":9,"purl_type":452,"purl_namespace":9,"purl_name":426,"source":9,"versions":453},"Npm","npm",[454,458],{"version":455,"is_range":432,"range_type":456,"version_start":457,"version_start_type":444,"version_end":433,"version_end_type":434,"fixed_in":9},"gte2_0_0_lt2_1_1","semver","2.0.0",{"version":459,"is_range":432,"range_type":456,"version_start":460,"version_start_type":444,"version_end":461,"version_end_type":434,"fixed_in":9},"gte0_9_0_lt1_3_2","0.9.0","1.3.2"]