Npm · @Yaireo/Tagify · CVE-2022-25854
**Name of the Vulnerable Software and Affected Versions**
@yaireo/tagify versions prior to 4.9.8
**Description**
The issue affects this package, which renders UI components inside input or text fields. An attacker who can pass a malicious placeholder value can trigger a cross-site scripting (XSS) payload.
**Recommendations**
For versions prior to 4.9.8, update to version 4.9.8 or later to resolve the issue. As a temporary workaround, consider restricting the input of placeholder values to minimize the risk of exploitation.