CVE-2021-43785 HIGH

CVE-2021-43785: Cross Site Scripting Vulnerability in @joeattardi/emoji-button

Vendor Joeattardi

Product emoji-button

Weakness CWE-79 · XSS

Published November 26, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

7.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code.

Key dates

02Disclosure timeline

November 26, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-43785 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2021-43785: Cross Site Scripting Vulnerability in @joeattardi/emoji-button

01Description

02Disclosure timeline

03References

04Related CVE