GitHub Advisory DatabaseGHSA-M2HM-HRR2-6P2QCross-site Scripting in Bootstrap-3-Typeahead
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
56.5%
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user’s browser. This issue was introduced in commit dbd1af5bf and has not been fixed.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| bassjobsen/bootstrap-3-typeahead | gt | 4.0.2 | |
| bootstrap-3-typeahead | gt | 4.0.2 |
References
lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html
access.redhat.com/errata/RHSA-2019:3771
access.redhat.com/security/cve/CVE-2019-10215
bugzilla.redhat.com/show_bug.cgi?id=1735506
github.com/advisories/GHSA-m2hm-hrr2-6p2q
github.com/bassjobsen/Bootstrap-3-Typeahead
github.com/bassjobsen/Bootstrap-3-Typeahead/commit/dbd1af5bfb14592213e3d88f1fa8f726b93f8a1e
nvd.nist.gov/vuln/detail/CVE-2019-10215
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
56.5%