Lucene search
GoogleOSV:GHSA-9R7H-6639-V5MWHistorySep 03, 2020 - 3:54 p.m.
Cross-Site Scripting in bootstrap-select
2020-09-0315:54:00
Google
osv.dev
8
0.001 Low
EPSS
Percentile
49.9%
Versions of bootstrap-select prior to 1.13.6 are vulnerable to Cross-Site Scripting (XSS). The package does not escape title values on <option> tags. This may allow attackers to execute arbitrary JavaScript in a victim’s browser.
Recommendation
Upgrade to version 1.13.6 or later.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bootstrap-select | lt | 1.13.6 |
Related
veracode
veracode
Cross-site Scripting (XSS)
2017-08-18 10:09:01
osv
osv
Cross-site scripting in bootstrap-select
2021-05-07 16:47:54
CVE-2019-20921
2020-09-30 18:15:18
nodejs
nodejs
Cross-site scripting in bootstrap-select
2021-05-07 16:49:09
nvd
nvd
CVE-2019-20921
2020-09-30 18:15:18
prion
prion
Cross site scripting
2020-09-30 18:15:00
cvelist
cvelist
CVE-2019-20921
2020-09-30 12:30:36
github
github
Cross-site scripting in bootstrap-select
2021-05-07 16:47:54
nessus
nessus
cve
cve
CVE-2019-20921
2020-09-30 18:15:18
redhatcve
redhatcve
CVE-2019-20921
2020-09-30 16:17:52
