Versions of bootstrap-select prior to 1.13.6 are vulnerable to Cross-Site Scripting (XSS). The package does not escape title values on <option> tags. This may allow attackers to execute arbitrary JavaScript in a victim’s browser.

Upgrade to version 1.13.6 or later.
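
The flaw class described above, shown as an added example that is not bootstrap-select's own code: a simplified widget copies an option's title into generated markup, first unescaped and then escaped. The function names, the `selected-label` class and the sample title are assumptions made for illustration.

```javascript
// Simplified model of a select widget that copies an <option>'s title
// into generated markup. Hypothetical names; not the library's source.

// The five characters that are significant in HTML text and attribute values.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the title is concatenated into HTML as-is, so any
// markup inside it is parsed by the browser when the string is inserted.
function renderLabelUnsafe(option) {
  return '<span class="selected-label">' + option.title + '</span>';
}

// Hardened pattern: the title is escaped first, so it renders as text.
function renderLabelSafe(option) {
  return '<span class="selected-label">' + escapeHtml(option.title) + '</span>';
}

// Constructed sample: a title value that originated from untrusted data.
const sampleOption = { value: '1', title: '<img src=x onerror="alert(1)">' };

function demo() {
  return {
    unsafe: renderLabelUnsafe(sampleOption),
    safe: renderLabelSafe(sampleOption),
  };
}

console.log(demo());
```

Application code that sets option titles from user-controlled data can apply the same escaping as defense in depth, but the fix for this advisory remains the upgrade.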
CPE

Name | Operator | Version |
---|---|---|
bootstrap-select | lt | 1.13.6 |