Description
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user’s browser. This issue was introduced in commit dbd1af5bf and has not been fixed.
Recommendation
No fix is available yet. The following versions are affected:
- > 4.0.2
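With no fixed release available, one way to avoid relying on the built-in highlighter() is to supply your own through the plugin's `highlighter` option. The following is an added example, not code from the advisory or from the Bootstrap-3-Typeahead project: `safeHighlighter`, `escapeHtml` and `escapeRegExp` are hypothetical helper names, the sample strings in the usage are constructed, and the wiring shown in the final comment assumes the plugin exposes the typed text as `this.query`.

```javascript
// Added example: a highlighter that HTML-escapes every piece of text it emits,
// so the only markup in the result is the <strong> wrapper it adds itself.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Treat the user's query as a literal string, never as a regex pattern.
function escapeRegExp(text) {
  return String(text).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

function safeHighlighter(item, query) {
  const text = String(item);
  const q = query == null ? '' : String(query);
  if (q === '') return escapeHtml(text);

  // Match against the raw text, then escape each slice separately. Escaping
  // first and matching afterwards could split an entity such as "&lt;".
  const re = new RegExp(escapeRegExp(q), 'gi');
  let out = '';
  let last = 0;
  let m;
  while ((m = re.exec(text)) !== null) {
    out += escapeHtml(text.slice(last, m.index));
    out += '<strong>' + escapeHtml(m[0]) + '</strong>';
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Wiring sketch (assumption: the typed text is available as this.query):
//   $('#search').typeahead({
//     source: items,
//     highlighter: function (text) { return safeHighlighter(text, this.query); }
//   });
```

Suggestion text that comes from users or third parties should also be treated as untrusted wherever else the page renders it, since this helper only covers the highlight step.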
References
- GHSA-m2hm-hrr2-6p2q
- access.redhat.com
- lists.opensuse.org
- bugzilla.redhat.com
- CVE-2019-10215
- CWE-79
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Tags
- npm
- bootstrap-3-typeahead
Last updated on February 03, 2023