CVE-2021-3163

Name of the Vulnerable Software and Affected Versions Slab Quill version 4.8.0

Description A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload, specifically a crafted onloadstart attribute of an IMG element, in a text field. Researchers have claimed that this issue is not within the product itself, but is intended behavior in a web browser.

Recommendations For Slab Quill version 4.8.0, as a temporary workaround, consider disabling the use of the onloadstart attribute in the HTML editor until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.