Cross-site Scripting (XSS)

2017-08-1810:09:01

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

49.9%

JSON

bootstrap-select is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize the titles of the options, allowing a malicious user to inject and execute arbitrary javascript.

CPENameOperatorVersion
bootstrap-selectle1.13.5
ovirt-web-uieq1.6.5__1.el8ev
ovirt-web-uieq1.6.6__1.el8ev
ovirt-web-uieq1.6.4__1.el8ev
ovirt-web-uieq1.6.3__1.el8ev
ovirt-engine-ui-extensionseq1.2.4__1.el8ev
ovirt-engine-ui-extensionseq1.2.2__1.el8ev
ovirt-engine-ui-extensionseq1.2.3__1.el8ev
bootstrap-selectle1.13.5

Name	Operator	Version
bootstrap-select	le	1.13.5
ovirt-web-ui	eq	1.6.5__1.el8ev
ovirt-web-ui	eq	1.6.6__1.el8ev
ovirt-web-ui	eq	1.6.4__1.el8ev
ovirt-web-ui	eq	1.6.3__1.el8ev
ovirt-engine-ui-extensions	eq	1.2.4__1.el8ev
ovirt-engine-ui-extensions	eq	1.2.2__1.el8ev
ovirt-engine-ui-extensions	eq	1.2.3__1.el8ev
bootstrap-select	le	1.13.5