PT-2022-17570 · Npm · @Yaireo/Tagify

Roman Rott · Published 2022-04-29 · Updated 2022-09-23 · CVE-2022-25854

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

@yaireo/tagify versions prior to 4.9.8

Description

The issue affects this package, which renders UI components inside input or text fields. An attacker can pass a malicious placeholder value to trigger a cross-site scripting (XSS) payload.

Recommendations

If you are running a version prior to 4.9.8, update to version 4.9.8 or later to resolve the issue. As a temporary workaround, consider restricting the input of placeholder values to minimize the risk of exploitation.

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2022-25854
GHSA-PXPF-V376-7XX5
SNYK-JS-YAIREOTAGIFY-2404358

Affected Products

@Yaireo/Tagify