CVE-2022-25854
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload.
Date published : 2022-04-29
https://github.com/yairEO/tagify/commit/198c0451fad188390390395ccfc84ab371def4c7