Описание
Cross-Site Scripting in bootstrap-select
Versions of bootstrap-select prior to 1.13.6 are vulnerable to Cross-Site Scripting (XSS). The package does not escape title values on <option> tags. This may allow attackers to execute arbitrary JavaScript in a victim's browser.
Recommendation
Upgrade to version 1.13.6 or later.
Пакеты
Наименование
bootstrap-select
npm
Затронутые версииВерсия исправления
< 1.13.6
1.13.6
Дефекты
CWE-79
Дефекты
CWE-79