8 matches found

vulnersOsv
added 2021/12/01 6:29 p.m., 0 views

react-chat-widget-all-dream (>=2.1.6 <=2.3.1) potentially affected by CVE-2021-43785 via @joeattardi/emoji-button (=2.12.1)

@joeattardi/emoji-button NPM version =2.12.1 is affected by a known vulnerability. The following packages have a transitive dependency on @joeattardi/emoji-button and may be impacted: - react-chat-widget-all-dream =2.1.6, =2.3.1 Source cves: CVE-2021-43785 Source advisory: OSV:GHSA-F34M-X9PJ-62VQ...

CVSS 7.6, AI score 6.7, EPSS 0.00398
Exploits 0
Veracode
added 2021/11/29 4:45 p.m., 16 views

Cross-site Scripting (XSS)

@joeattardi/emoji-button is vulnerable to cross-site scripting. The vulnerability exists because the custom emojis of emoji-button are not HTML-escaped, allowing an attacker to inject and execute malicious JavaScript...

CVSS 7.6, AI score 1.7, EPSS 0.00398
Exploits 0, References 3, Affected Software 1
CVE
added 2021/11/26 6:20 p.m., 37 views

CVE-2021-43785

CVE-2021-43785 affects the @joeattardi/emoji-button Vanilla JavaScript emoji picker. The vulnerability comprises two XSS vectors: (1) a URL used for a custom emoji and (2) an i18n string. In affected versions, crafted values can cause a script tag to be inserted into the HTML, enabling malicious ...

CVSS 7.6, AI score 6.2, EPSS 0.00398
Exploits 0, References 3, Affected Software 1
Cvelist
added 2021/11/26 6:20 p.m., 12 views

CVE-2021-43785 Cross Site Scripting Vulnerability in @joeattardi/emoji-button

@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute maliciou...

CVSS 7.6, AI score 7.4, EPSS 0.00398
Exploits 0, References 3
CNNVD
added 2021/11/26 12:0 a.m., 2 views

Emoji-Button cross-site scripting vulnerability

Emoji-Button is a native JavaScript emoji selector. Emoji-Button has a cross-site scripting vulnerability that stems from the lack of effective filtering and validation of URLs for custom emoji and of i18n strings, which could be exploited by an attacker to craft an inpu...

CVSS 7.6, AI score 5.2, EPSS 0.00398
Exploits 0, References 5
OSV
added 2021/11/01 3:6 p.m., 7 views

OPENSUSE-SU-2021:1434-1 Security update for opera

This update for opera fixes the following issues: Opera was updated to version 80.0.4170.63 - CHR-8612 Update chromium on desktop-stable-94-4170 to 94.0.4606.81 - DNA-95434 Crash at opera::ThemesService::UpdateCurrentTheme - The update to chromium 94.0.4606.81 fixes following issues:...

CVSS 8.8, AI score 7.8, EPSS 0.62981
Exploits 2, References 8
OPENSUSE Linux
added 2021/11/01 12:0 a.m., 61 views

Security update for opera (important)

openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2021:1434-1 Rating: important References: Cross-References: CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 Affected Products: openSUSE Leap 15.3:NonFree An...

CVSS 8.8, AI score 8.7, EPSS 0.62981
Exploits 2
OPENSUSE Linux
added 2021/11/01 12:0 a.m., 43 views

Security update for opera (important)

openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2021:1433-1 Rating: important References: Cross-References: CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 Affected Products: openSUSE Leap 15.2:NonFree An...

CVSS 8.8, AI score 8.7, EPSS 0.62981
Exploits 2