Lucene search
Veracode Vulnerability DatabaseVERACODE:33132HistoryNov 29, 2021 - 4:45 p.m.
Cross-site Scripting (XSS)
2021-11-2916:45:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.001 Low
EPSS
Percentile
31.9%
@joeattardi/emoji-button is vulnerable to cross-site scripting. The vulnerability exists because the custom emojis of emoji-button doesn’t escape HTML, allowing an attacker to inject and execute malicious javascript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @joeattardi/emoji-button | eq | 4.5.1 | |
| @joeattardi/emoji-button | le | 4.6.2 | |
| @joeattardi/emoji-button | eq | 4.5.1 | |
| @joeattardi/emoji-button | le | 4.6.2 |
Related
cve
cve
CVE-2021-43785
2021-11-26 19:15:08
cvelist
cvelist
osv
osv
Cross-Site Scripting Vulnerability in @joeattardi/emoji-button
2021-12-01 18:29:02
CVE-2021-43785
2021-11-26 19:15:08
prion
prion
Code injection
2021-11-26 19:15:00
github
github
Cross-Site Scripting Vulnerability in @joeattardi/emoji-button
2021-12-01 18:29:02
cnvd
cnvd
Emoji-Button Cross-Site Scripting Vulnerability
2021-11-30 00:00:00
nvd
nvd
CVE-2021-43785
2021-11-26 19:15:08