CVE-2019-20921

Опубликовано: 30 сент. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.

Ссылки

https://github.com/advisories/GHSA-9r7h-6639-v5mw
Third Party Advisory
https://github.com/snapappointments/bootstrap-select/issues/2199
Patch
Third Party Advisory
https://issues.jtl-software.de/issues/SHOP-7964
https://snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457
Third Party Advisory
https://www.npmjs.com/advisories/1522
Third Party Advisory
https://github.com/advisories/GHSA-9r7h-6639-v5mw
Third Party Advisory
https://github.com/snapappointments/bootstrap-select/issues/2199
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457
Third Party Advisory
https://www.npmjs.com/advisories/1522
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:snapappointments:bootstrap-select:*:*:*:*:*:node.js:*:*

Версия до 1.13.6 (исключая)

EPSS

Процентиль: 67%

0.00545

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-20921

CVSS3: 6.1

redhat

почти 7 лет назад

bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.

GHSA-7c82-mp33-r854

CVSS3: 6.1

github

почти 5 лет назад

Cross-site scripting in bootstrap-select

EPSS

Процентиль: 67%

0.00545

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79