Drupal Tagify security vulnerability

Drupal Tagify is a Drupal module from the Drupal community that integrates the Tagify JavaScript library. Versions of Drupal Tagify prior to 1.2.44 contained a security vulnerability, which was caused by improper input handling and could lead to cross-site scripting attacks...

PT-2026-5202

Name of the Vulnerable Software and Affected Versions Drupal Tagify versions prior to 1.2.44 Description A flaw exists in Drupal Tagify that allows for Cross-Site Scripting XSS. This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially...

DRUPAL-CONTRIB-2025-121

This module enables you to use the Tagify library to enhance text input fields with tag-style UI elements. The module does not sufficiently sanitize the infoLabel value under certain configurations, which can result in a cross-site scripting XSS vulnerability. This vulnerability is mitigated by t...

Tagify - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-121

This module enables you to use the Tagify library to enhance text input fields with tag-style UI elements. The module does not sufficiently sanitize the infoLabel value under certain configurations, which can result in a cross-site scripting XSS vulnerability. This vulnerability is mitigated by t...

EUVD-2022-1805

Malicious code in bioql PyPI...

SUSE CVE-2006-2780

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption...

Tagify - Moderately critical - Access bypass - SA-CONTRIB-2022-051

This module provides a widget to transform entity reference fields into a more user-friendly tags input component with a great performance. The module doesn't sufficiently check access for the add operation. Users with permission to edit content can view and reference unpublished terms. The edit...

Cross-Site Scripting (XSS)

@yaireo/tagify is vulnerable to cross-site scripting. The vulnerability exists in Tagify function in tagify.js because the placeholder input field is not escaped which allows a attacker to inject and execute arbitrary javascript...

@2dine/framework-ui (>=1.0.4 <=2.1.91), @7h3laughingman/pf2e-helpers (>=7.10.0 <=8.1.0) +73 more potentially affected by CVE-2022-25854 via @yaireo/tagify (>=2.31.6 <=4.37.1)

@yaireo/tagify NPM version =2.31.6, =1.0.4, =7.10.0, =7.10.0, =1.0.18-beta.23, =1.0.0, =1.3.5-beta.744, =2.1.0, =0.0.1, =1.0.0, =1.0.9, =1.0.1, =1.2.42, =1.0.0, =0.8.0, =5.0.3 and more Source cves: CVE-2022-25854 Source advisory: OSV:GHSA-PXPF-V376-7XX5...

tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload

This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the cross-site scripting XSS payload...

GHSA-PXPF-V376-7XX5 tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload

This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the cross-site scripting XSS payload...

CVE-2022-25854 Cross-site Scripting (XSS)

This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload...

CVE-2022-25854

This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload...

Tagify 跨站脚本漏洞

Tagify is a simple, customizable way to convert input fields or text areas into tag components. A security vulnerability existed prior to Tagify version 4.9.8. An attacker could pass it malicious placeholder values to trigger an XSS payload...

PT-2022-17570 · Npm · @Yaireo/Tagify

Name of the Vulnerable Software and Affected Versions: @yaireo/tagify versions prior to 4.9.8 Description: The issue affects the package used for rendering UI components inside input or text fields. An attacker can pass a malicious placeholder value to fire the cross-site scripting XSS payload...

@7h3laughingman/pf2e-helpers (>=7.10.0 <=8.1.0), @7h3laughingman/pf2e-types (>=7.10.0 <=8.0.2) +54 more potentially affected by CVE-2022-25854 via @yaireo/tagify (>=4.16.4 <=4.37.1)

@yaireo/tagify NPM version =4.16.4, =7.10.0, =7.10.0, =1.0.18-beta.23, =1.0.0, =1.3.5-beta.744, =2.1.0, =0.0.1, =1.0.0, =1.0.9, =1.0.1, =1.2.42, =1.0.0, =0.8.0, =0.5.0, =0.48.21 and more Source cves: CVE-2022-25854 Source advisory: SNYK:JS-YAIREOTAGIFY-2404358...

security flaw

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption...

security flaw

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption...

security flaw

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption...

security flaw

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption...