Vulnerabilities

CVE-2021-43785

by Fred · 26/11/2021

@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code.

Date published : 2021-11-26

https://github.com/joeattardi/emoji-button/security/advisories/GHSA-f34m-x9pj-62vq

https://github.com/joeattardi/emoji-button/commit/05970c09180cd27fff493e998ac5bf0468b1bb16

Similar

Tags: Cybersecurity Alert