Deal with quill security vulnerability

Description

Github says:

CVE-2021-3163

A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. No patch exists and no further releases are planned.

Review if we even need quill or check the impact of this vulnerability.

Problem/Justification

None

Impact

None

SmartDraw Connector

Katalon Manual Tests (BETA)

Activity

Show:

Bug Clerk

May 12, 2021 at 10:02 AM

12.0 PR: https://github.com/truenas/webui/pull/5436

Bug Clerk

May 12, 2021 at 9:57 AM

21.06 PR: https://github.com/truenas/webui/pull/5435

Resize issue view side panel

Complete

Details

Assignee

Ievgen Stepanovych

Reporter

Ievgen Stepanovych

Components

WebUI

Fix versions

SCALE-21.06-BETA.1

12.0-U5

Priority

High

More fields

Katalon Platform

Created May 12, 2021 at 6:46 AM

Updated July 6, 2022 at 9:02 PM

Resolved May 13, 2021 at 11:13 AM