Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross Site Scripting Vulnerability in @joeattardi/emoji-button
Vulnerability Description
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Emoji-Button 跨站脚本漏洞
Vulnerability Description
Emoji-Button是美国Joe Attardi个人开发者的一个原版 JavaScript 表情符号选择器。 emoji-button 存在跨站脚本漏洞漏洞,该漏洞源于软件在自定义表情符号的URL和i18n字符串缺少有效的过滤与验证,攻击者可以精心设计一个输入值值,使其可以在页面中插入一个“脚本”标记并执行恶意代码。
CVSS Information
N/A
Vulnerability Type
N/A