Advisories for Npm/Quill package

A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3.

A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field.

Versions of quill prior to 1.3.7 are vulnerable to Reverse Tabnabbing. The package uses target='_blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks. Recommendation No fix is currently available. Consider using an alternative package until a fix is made available.