Cameron Foale

#43862 of 53,633
6.1 Total CVSS
Vulnerabilities · 1
PT-2023-20527
6.1
2023-09-27
Unknown · Quill-Mention · CVE-2023-26149
**Name of the Vulnerable Software and Affected Versions**

quill-mention versions prior to 4.0.0

**Description**

The issue is related to improper user-input sanitization, which can lead to Cross-site Scripting (XSS) attacks. This occurs via the `renderList` function. If the mentions list is sourced from unsafe (user-sourced) data, it might allow an injection attack when a Quill user hits @.

**Recommendations**

For versions prior to 4.0.0, update to version 4.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the `renderList` function until a patch is available. Restrict access to user-sourced data to minimize the risk of exploitation. Avoid using unsafe data sources for the mentions list until the issue is resolved.