CVE-2021-43785

CVE-2021-43785

@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code.

Source: CVE-2021-43785

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다