GHSA-pxpf-v376-7xx5: tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload

This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside input or text fields, and an attacker can pass it a malicious placeholder value to trigger a cross-site scripting (XSS) payload.

Moderate severity • GitHub Reviewed • Published Apr 30, 2022 • Updated May 3, 2022

Related news

GHSA-jv64-2m3x-6v4q: Cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS

A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS versions <= 4.2.1 via "List of subjects".

GHSA-vmp5-c5hp-6c65: Woodpecker allows cross-site scripting (XSS) via build logs

Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.

ghsa: Latest News

GHSA-49cc-xrjf-9qf7: SFTPGo allows administrators to restrict command execution from the EventManager