This repository has been archived by the owner on Jul 21, 2023. It is now read-only.
CVE-2019-20921 (Medium) detected in bootstrap-select-1.12.2.tgz #1165
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
CVE-2019-20921 - Medium Severity Vulnerability
Vulnerable Library - bootstrap-select-1.12.2.tgz
Bootstrap-select is a jQuery plugin that utilizes Bootstrap's dropdown.js to style and bring additional functionality to standard select elements.
Library home page: https://registry.npmjs.org/bootstrap-select/-/bootstrap-select-1.12.2.tgz
Dependency Hierarchy:
Found in HEAD commit: 63bdcc254e4f79ed8aca650620a1d185cb267336
Found in base branch: master
Vulnerability Details
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.
Publish Date: 2020-09-30
URL: CVE-2019-20921
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1522
Release Date: 2020-10-05
Fix Resolution: bootstrap-select - 1.13.6