@joeattardi/emoji-button is vulnerable to cross-site scripting. The vulnerability exists because the custom emojis of emoji-button doesn’t escape HTML, allowing an attacker to inject and execute malicious javascript.
CPE | Name | Operator | Version |
---|---|---|---|
@joeattardi/emoji-button | eq | 4.5.1 | |
@joeattardi/emoji-button | le | 4.6.2 | |
@joeattardi/emoji-button | eq | 4.5.1 | |
@joeattardi/emoji-button | le | 4.6.2 |