Skip to content

Cross-Site Scripting in bootstrap-vue

High severity GitHub Reviewed Published Sep 2, 2020 to the GitHub Advisory Database • Updated Apr 3, 2023

Package

npm bootstrap-vue (npm)

Affected versions

<= 2.0.0-rc.11

Patched versions

2.0.0-rc.12

Description

Versions of bootstrap-vue prior to 2.0.0-rc.12 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the options variable. This may lead to the execution of malicious JavaScript on the user's browser.

Recommendation

Upgrade to version 2.0.0-rc.12 or later.

References

Reviewed Aug 31, 2020
Published to the GitHub Advisory Database Sep 2, 2020
Last updated Apr 3, 2023

Severity

High

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-c7pp-x73h-4m2v

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.