EPSS Percentile: 43.9%
@yaireo/tagify is vulnerable to cross-site scripting. The vulnerability exists in the Tagify function in tagify.js because the placeholder input field is not escaped, which allows an attacker to inject and execute arbitrary JavaScript.
Tagify
tagify.js
bsg.tech/blog/cve-2022-25854-stored-xss-in-yaireo-tagify-npm-module/
github.com/advisories/GHSA-pxpf-v376-7xx5
github.com/yairEO/tagify/commit/198c0451fad188390390395ccfc84ab371def4c7
github.com/yairEO/tagify/issues/988
github.com/yairEO/tagify/releases/tag/v4.9.8