CVE-2022-25854
Published
CVSS v3
5.4
MEDIUM
CVSS v2
3.5
LOW
Affected
1
PROJECT
Description
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload.
🔖 lightweight, efficient Tags input component in Vanilla JS / React / Angular / Vue
GitHub