Vulnerabilities

CVE-2022-25854

by Fred · 29/04/2022

This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload.

Date published : 2022-04-29

https://github.com/yairEO/tagify/commit/198c0451fad188390390395ccfc84ab371def4c7

https://github.com/yairEO/tagify/issues/988

Related

Tags: Cybersecurity Alert