A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS).
This issue affects Quill: 2.0.3.
CVSS
No CVSS.
References
Configurations
No configuration.
History
13 Jan 2026, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-13 21:15
Updated : 2026-01-14 16:25
NVD link : CVE-2025-15056
Mitre link : CVE-2025-15056
CVE.ORG link : CVE-2025-15056
JSON object : View
Products Affected
No product.
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')