npm

Severity: high

Cross-Site Scripting

emojione

Overview

Affected versions of emojione are vulnerable to cross-site scripting when user input is passed into the toShort(), shortnameToImage(), unicodeToImage(), and toImage() functions.

Remediation

Update to version 1.3.1 or later.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Jul 25th, 2016
  2. reported

    Initial report by Andrea Giammarchi
    Jul 22nd, 2016