CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-14284

Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting (XSS) due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload into these attributes, which is then triggered either by user interaction.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.1%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2025-14284

Tiptap » Tiptap/extension-Link » Version: 1.0.0

cpe:2.3:a:tiptap:tiptap/extension-link:1.0.0
Tiptap » Tiptap/extension-Link » Version: 2.0.0

cpe:2.3:a:tiptap:tiptap/extension-link:2.0.0
Tiptap » Tiptap/extension-Link » Version: 2.10.0

cpe:2.3:a:tiptap:tiptap/extension-link:2.10.0
Tiptap » Tiptap/extension-Link » Version: 2.10.1

cpe:2.3:a:tiptap:tiptap/extension-link:2.10.1
Tiptap » Tiptap/extension-Link » Version: 2.10.2

cpe:2.3:a:tiptap:tiptap/extension-link:2.10.2
Tiptap » Tiptap/extension-Link » Version: 2.10.3

cpe:2.3:a:tiptap:tiptap/extension-link:2.10.3
Tiptap » Tiptap/extension-Link » Version: 2.5.0

cpe:2.3:a:tiptap:tiptap/extension-link:2.5.0
Tiptap » Tiptap/extension-Link » Version: 2.5.1

cpe:2.3:a:tiptap:tiptap/extension-link:2.5.1
Tiptap » Tiptap/extension-Link » Version: 2.5.2

cpe:2.3:a:tiptap:tiptap/extension-link:2.5.2
Tiptap » Tiptap/extension-Link » Version: 2.5.3

cpe:2.3:a:tiptap:tiptap/extension-link:2.5.3
Tiptap » Tiptap/extension-Link » Version: 2.5.4

cpe:2.3:a:tiptap:tiptap/extension-link:2.5.4
Tiptap » Tiptap/extension-Link » Version: 2.5.5

cpe:2.3:a:tiptap:tiptap/extension-link:2.5.5
Tiptap » Tiptap/extension-Link » Version: 2.5.6

cpe:2.3:a:tiptap:tiptap/extension-link:2.5.6
Tiptap » Tiptap/extension-Link » Version: 2.5.7

cpe:2.3:a:tiptap:tiptap/extension-link:2.5.7
Tiptap » Tiptap/extension-Link » Version: 2.5.8

cpe:2.3:a:tiptap:tiptap/extension-link:2.5.8
Tiptap » Tiptap/extension-Link » Version: 2.5.9

cpe:2.3:a:tiptap:tiptap/extension-link:2.5.9
Tiptap » Tiptap/extension-Link » Version: 2.6.0

cpe:2.3:a:tiptap:tiptap/extension-link:2.6.0
Tiptap » Tiptap/extension-Link » Version: 2.6.1

cpe:2.3:a:tiptap:tiptap/extension-link:2.6.1
Tiptap » Tiptap/extension-Link » Version: 2.6.2

cpe:2.3:a:tiptap:tiptap/extension-link:2.6.2
Tiptap » Tiptap/extension-Link » Version: 2.6.3

cpe:2.3:a:tiptap:tiptap/extension-link:2.6.3
Tiptap » Tiptap/extension-Link » Version: 2.6.4

cpe:2.3:a:tiptap:tiptap/extension-link:2.6.4
Tiptap » Tiptap/extension-Link » Version: 2.6.5

cpe:2.3:a:tiptap:tiptap/extension-link:2.6.5
Tiptap » Tiptap/extension-Link » Version: 2.6.6

cpe:2.3:a:tiptap:tiptap/extension-link:2.6.6
Tiptap » Tiptap/extension-Link » Version: 2.7.0

cpe:2.3:a:tiptap:tiptap/extension-link:2.7.0
Tiptap » Tiptap/extension-Link » Version: 2.7.1

cpe:2.3:a:tiptap:tiptap/extension-link:2.7.1
Tiptap » Tiptap/extension-Link » Version: 2.7.2

cpe:2.3:a:tiptap:tiptap/extension-link:2.7.2
Tiptap » Tiptap/extension-Link » Version: 2.7.3

cpe:2.3:a:tiptap:tiptap/extension-link:2.7.3
Tiptap » Tiptap/extension-Link » Version: 2.7.4

cpe:2.3:a:tiptap:tiptap/extension-link:2.7.4
Tiptap » Tiptap/extension-Link » Version: 2.8.0

cpe:2.3:a:tiptap:tiptap/extension-link:2.8.0
Tiptap » Tiptap/extension-Link » Version: 2.9.0

cpe:2.3:a:tiptap:tiptap/extension-link:2.9.0
Tiptap » Tiptap/extension-Link » Version: 2.9.1

cpe:2.3:a:tiptap:tiptap/extension-link:2.9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-14284

Products

Pricing

Contact Us