Ecosystem	Package	Version

Vulnerabilities

CVE-2025-15056

CVE-2025-15056

A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3.

Published Jan 15, 2026

https://fluidattacks.com/advisories/diomedes

CVSS ScoreMedium

5.1

Ecosystem	Package	Version


npm	@adminforth/chat-gpt	1.0.10
npm	@adminforth/chat-gpt	1.0.11
npm	@adminforth/chat-gpt	1.0.14
npm	@adminforth/chat-gpt	1.0.15
npm	@adminforth/chat-gpt	1.0.16
npm	@adminforth/chat-gpt	1.0.17
npm	@adminforth/chat-gpt	1.0.18
npm	@adminforth/chat-gpt	1.0.19
npm	@adminforth/chat-gpt	1.0.1
npm	@adminforth/chat-gpt	1.0.20
npm	@adminforth/chat-gpt	1.0.2
npm	@adminforth/chat-gpt	1.0.4
npm	@adminforth/chat-gpt	1.0.5
npm	@adminforth/chat-gpt	1.0.6
npm	@adminforth/chat-gpt	1.0.7
npm	@adminforth/chat-gpt	1.0.8
npm	@adminforth/chat-gpt	1.0.9
npm	@adminforth/rich-editor	1.0.10
npm	@adminforth/rich-editor	1.0.11
npm	@adminforth/rich-editor	1.0.12
npm	@adminforth/rich-editor	1.0.13
npm	@adminforth/rich-editor	1.0.14
npm	@adminforth/rich-editor	1.0.15
npm	@adminforth/rich-editor	1.0.16
npm	@adminforth/rich-editor	1.0.18
npm	@adminforth/rich-editor	1.0.2
npm	@adminforth/rich-editor	1.0.3
npm	@adminforth/rich-editor	1.0.4
npm	@adminforth/rich-editor	1.0.5
npm	@adminforth/rich-editor	1.0.6
npm	@adminforth/rich-editor	1.0.7
npm	@adminforth/rich-editor	1.0.8
npm	@adminforth/rich-editor	1.0.9
npm	@andesome/quill2	2.0.0-dev.3
npm	@ballotfyi/quill	2.0.0-dev.4
npm	@creately/quill	1.0.0
npm	@creately/quill	1.0.2
npm	@creately/quill	1.0.3
npm	@creately/quill	1.0.4
npm	@creately/quill	1.0.5
npm	@creately/quill	1.0.6
npm	@creately/quill	1.0.7
npm	@creately/quill	1.0.8
npm	@creately/quill	1.2.1
npm	@creately/quill	1.2.2
npm	@creately/quill	1.2.3
npm	@creately/quill	1.3.1
npm	@creately/quill	1.3.2
npm	@creately/quill	1.3.3
npm	@creately/quill	1.3.4

CVE-2025-15056 | Components Impacted | Sonatype Guide | Sonatype Guide