CVE-2016-1000231 — Cross-Site Scripting in emojione

Description

Affected versions of `emojione` are vulnerable to cross-site scripting when user input is passed into the `toShort()`, `shortnameToImage()`, `unicodeToImage()`, and `toImage()` functions. ## Recommendation Update to version 1.3.1 or later.

How to fix CVE-2016-1000231

To remediate CVE-2016-1000231, upgrade the affected package to a fixed version below.

npm/emojione—upgrade to 1.3.1 or later

Is CVE-2016-1000231 being exploited?

No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2016-1000231.

Affected packages (1)

from 0, < 1.3.1

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2016-1000231
WEBgithub.com/joypixels/emojione/commit/613079b16c00e47fb3c44744a67ed88a9295afb1
WEBgithub.com/joypixels/emojione/commits/v1.3.1
WEBgithub.com/Ranks/emojione
WEB