@yaireo/tagify is vulnerable to cross-site scripting. The vulnerability exists in Tagify
function in tagify.js
because the placeholder input field is not escaped which allows a attacker to inject and execute arbitrary javascript.
CPE | Name | Operator | Version |
---|---|---|---|
@yaireo/tagify | le | 4.9.7 | |
@yaireo/tagify | le | 4.9.7 |