Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
bootstrap-3-typeahead | gt | 4.0.2 |