CVE-2025-46812

Name of the Vulnerable Software and Affected Versions Trix versions prior to 2.1.15

Description The issue allows an attacker to execute arbitrary JavaScript code within the context of a user's session by tricking the user into copying and pasting malicious code. This could potentially lead to unauthorized actions or sensitive information disclosure.

Recommendations For versions prior to 2.1.15, update to version 2.1.15 or later to resolve the issue. As a temporary workaround, consider restricting the ability to paste code into the editor until the update is applied.