Filtered by vendor Tiptap
Subscriptions
Filtered by product Tiptap
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14284 | 1 Tiptap | 1 Tiptap | 2025-12-09 | 6.1 Medium |
| Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting (XSS) due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload into these attributes, which is then triggered either by user interaction. | ||||
Page 1 of 1.