VYPR
Vendor

Basecamp

Products
3
CVEs
8
Across products
8
Status
Private

Products

3

Recent CVEs

8
  • CVE-2023-36612HigJun 25, 2023
    risk 0.49cvss 7.5epss 0.01

    Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's…

  • CVE-2024-43368MedAug 14, 2024
    risk 0.35cvss 6.5epss 0.00

    The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a `text/html` content type. However,…

  • CVE-2024-34341MedMay 7, 2024
    risk 0.28cvss 5.4epss 0.01

    Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content,…

  • CVE-2025-21610MedJan 3, 2025
    risk 0.27cvss 5.3epss 0.00

    Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.12 are vulnerable to cross-site scripting when pasting malicious code in the link field. An attacker could trick the user to copy&paste a malicious `javascript:` URL as a link…

  • CVE-2024-53847MedDec 9, 2024
    risk 0.26cvss epss 0.00

    The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting (XSS) + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the…

  • CVE-2025-58067MedAug 29, 2025
    risk 0.20cvss 4.2epss 0.00

    Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and…

  • CVE-2025-57821MedAug 27, 2025
    risk 0.20cvss 4.2epss 0.00

    Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash…

  • CVE-2025-46812LowMay 8, 2025
    risk 0.06cvss epss 0.01

    Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within…