CVE-2025-15056 MEDIUM

CVE-2025-15056: Quill 2.0.3 - Lack of data validation in HTML export allowing XSS

Vendor Slab
Product Quill
Weakness CWE-79 · XSS
Published January 13, 2026
Last update April 20, 2026
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

What the vulnerability does

01Description

A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3.

Key dates

02Disclosure timeline

January 13, 2026 CVE published
April 20, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-1512 Essential Addons for Elementor <= 6.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Box Widget CVE-2014-125039 kkokko NeoXplora Trainer cross site scripting CVE-2025-22798 WordPress Responsive jQuery Slider plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability CVE-2026-25004 WordPress CM Business Directory plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability CVE-2025-2645 PHPGurukul Art Gallery Management System product.php cross site scripting