Cross-Site Scripting (XSS)

2019-08-2609:55:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.001

Percentile

29.3%

JSON

bolt/bolt is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the user input, allowing a malicious attacker to inject and execute arbitrary html and script code into the web site through an image’s alt or the title field.