CVE-2022-25854 Cross-site Scripting (XSS)

This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload...

PT-2022-17570 · Npm · @Yaireo/Tagify

Name of the Vulnerable Software and Affected Versions: @yaireo/tagify versions prior to 4.9.8 Description: The issue affects the package used for rendering UI components inside input or text fields. An attacker can pass a malicious placeholder value to fire the cross-site scripting XSS payload...

@7h3laughingman/pf2e-helpers (>=7.10.0 <=8.1.0), @7h3laughingman/pf2e-types (>=7.10.0 <=8.0.2) +54 more potentially affected by CVE-2022-25854 via @yaireo/tagify (>=4.16.4 <=4.37.1)

@yaireo/tagify NPM version =4.16.4, =7.10.0, =7.10.0, =1.0.18-beta.23, =1.0.0, =1.3.5-beta.744, =2.1.0, =0.0.1, =1.0.0, =1.0.9, =1.0.1, =1.2.42, =1.0.0, =0.8.0, =0.5.0, =0.48.21 and more Source cves: CVE-2022-25854 Source advisory: SNYK:JS-YAIREOTAGIFY-2404358...