Количество 2
Количество 2
CVE-2021-43785
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code.
GHSA-f34m-x9pj-62vq
Cross-Site Scripting Vulnerability in @joeattardi/emoji-button
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-43785 @joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code. | CVSS3: 7.6 | 0% Низкий | около 4 лет назад |
| GHSA-f34m-x9pj-62vq Cross-Site Scripting Vulnerability in @joeattardi/emoji-button | CVSS3: 7.6 | 0% Низкий | около 4 лет назад |
Уязвимостей на страницу