emojione@1.1.0 vulnerabilities
EmojiOne is a complete set of emojis designed for the web. It includes libraries to easily convert unicode characters to shortnames (:smile:) and shortnames to our custom emoji images. PNG formats provided for the emoji images.
-
latest version
4.5.0
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
5 years ago
-
licenses detected
- >=1.0.0 <1.2.0
Direct Vulnerabilities
Known vulnerabilities in the emojione package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
emojione is a complete set of emojis designed for the web. It includes libraries to easily convert unicode characters to shortnames (:smile:) and shortnames to our custom emoji images. PNG formats provided for the emoji images. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). While this package doesn't control this decision, emoji shortcodes are typically provided by users as part of some interaction or comment, and often persist on the page. Therefore, sanitizing them to prevent scripts is critical. While How to fix Cross-site Scripting (XSS)? Upgrade |
<1.3.1
|