CVE-2019-20921 (Medium) detected in bootstrap-select-1.12.4.tgz, bootstrap-select-1.12.2.tgz #1717
Security vulnerability detected by WhiteSource
CVE-2019-20921 - Medium Severity Vulnerability
Vulnerable Libraries - bootstrap-select-1.12.4.tgz, bootstrap-select-1.12.2.tgz
bootstrap-select-1.12.4.tgz
Bootstrap-select is a jQuery plugin that utilizes Bootstrap's dropdown.js to style and bring additional functionality to standard select elements.
Library home page: https://registry.npmjs.org/bootstrap-select/-/bootstrap-select-1.12.4.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
bootstrap-select-1.12.2.tgz
Bootstrap-select is a jQuery plugin that utilizes Bootstrap's dropdown.js to style and bring additional functionality to standard select elements.
Library home page: https://registry.npmjs.org/bootstrap-select/-/bootstrap-select-1.12.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in HEAD commit: 5def65f0b4206a5ad7d8195b61a34437fb09ec9d
Found in base branch: master
Vulnerability Details
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.
Mend Note: Converted from WS-2020-0098, on 2022-11-08.
Publish Date: 2020-09-30
URL: CVE-2019-20921
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1522
Release Date: 2020-10-05
Fix Resolution: bootstrap-select - 1.13.6