๐Ÿ” CVE Alert

CVE-2025-15056

UNKNOWN 0.0

Quill 2.0.3 - Lack of data validation in HTML export allowing XSS

CVSS Score
0.0
EPSS Score
0.1%
EPSS Percentile
16th

A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3.

CWE CWE-79
Vendor slab
Product quill
Published Jan 13, 2026
Last Updated Apr 20, 2026
Stay Ahead of the Next One

Get instant alerts for slab quill

Be the first to know when new unknown vulnerabilities affecting slab quill are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Slab / Quill
2.0.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
fluidattacks.com: https://fluidattacks.com/advisories/diomedes github.com: https://github.com/slab/quill

Credits

Cristian Vargas