Headline
CVE-2022-25854: Release v4.9.8 · yairEO/tagify
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload.
Compare
Choose a tag to compare
yairEO released this
· 32 commits to master since this release
v4.9.8
db18415
Compare
Choose a tag to compare
- fixes #989 - fix XSS 198c045
- removed unneeded line after recent change which moved this to another onEditDone 93f729c
- fixes #984 - Readonly tags can be deleted by Backspace d675c3f
- bugfix - in mix-mode, place the caret after a tag which was just edited, instead of before it 9d0787d
- fixes #987 - edit tag bug 0f1ebbc
v4.9.7…v4.9.8
Assets2
- Source code (zip)
- Source code (tar.gz)