Description
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user’s browser. This issue was introduced in commit dbd1af5bf and has not been fixed.
Recommendation
No fix is available yet. The following versions are affected:
- > 4.0.2
References
- GHSA-m2hm-hrr2-6p2q
- access.redhat.com
- lists.opensuse.org
- bugzilla.redhat.com
- CVE-2019-10215
- CWE-79
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- Cross-site scripting in bootstrap-select - CVE-2019-20921
- Bootstrap Vulnerable to Cross-Site Scripting (GHSA-9v3m-8fp8-mj99) - CVE-2019-8331
- Bootstrap Vulnerable to Cross-Site Scripting - CVE-2019-8331
- DOM-based cross-site scripting in Froala Editor - CVE-2019-19935
Tags
- npm
- bootstrap-3-typeahead
Last updated on February 03, 2023