tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload

🗓️ 30 Apr 2022 00:33:00Reported by GitHub Advisory DatabaseType

tagify package XSS vulnerabilit

Reporter	Title	Published	Views	Family All 7
Cvelist	CVE-2022-25854 Cross-site Scripting (XSS)	29 Apr 202220:00	–	cvelist
OSV	tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload	30 Apr 202200:00	–	osv
OSV	CVE-2022-25854	29 Apr 202220:15	–	osv
NVD	CVE-2022-25854	29 Apr 202220:15	–	nvd
CVE	CVE-2022-25854	29 Apr 202220:15	–	cve
Veracode	Cross-Site Scripting (XSS)	4 May 202213:01	–	veracode
Prion	Cross site scripting	29 Apr 202220:15	–	prion

Vulners

Node

yaireo tagifyRange<4.9.8

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-25854
github	www.github.com/yairEO/tagify/issues/988
github	www.github.com/yairEO/tagify/commit/198c0451fad188390390395ccfc84ab371def4c7
github	www.github.com/yairEO/tagify/releases/tag/v4.9.8
snyk	www.snyk.io/vuln/SNYK-JS-YAIREOTAGIFY-2404358
bsg	www.bsg.tech/blog/cve-2022-25854-stored-xss-in-yaireo-tagify-npm-module/
github	www.github.com/advisories/GHSA-pxpf-v376-7xx5

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

30 Apr 2022 00:00Current

2.8Low risk

Vulners AI Score2.8

CVSS23.5

CVSS35.4

EPSS0.0011

CWE-79