Joe Attardi

2 exploits Active since Nov 2021
CVE-2021-43785 WRITEUP HIGH WRITEUP
emoji-button < 4.6.2 - Cross-Site Scripting via Custom Emoji URL or i18n String
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code.
CVSS 7.6
CVE-2021-43785 WRITEUP HIGH WRITEUP
emoji-button < 4.6.2 - Cross-Site Scripting via Custom Emoji URL or i18n String
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code.
CVSS 7.6