CVE-2024-34341

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published May 7, 2024

CWE ID 79

Summary

CVE-2024-34341 is a vulnerability affecting the Trix rich text editor. Versions prior to 2.1.1 are susceptible to arbitrary code execution due to insufficient sanitization of pasted content. Malicious scripts can be embedded during the copying and pasting of content from the web or other documents. This issue allows attackers to execute code within the application context. Users are advised to upgrade to Trix editor version 2.1.1 or later, which includes improved input sanitization to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vuPyer
https://www.cve.org/CVERecord?id=CVE-2024-34341
https://nvd.nist.gov/vuln/detail/CVE-2024-34341

Back to Vulnerability Database

CVE-2024-34341

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations