CVE-2019-20921: Cross-site scripting in bootstrap-select
(updated )
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim’s browser.
References
- github.com/advisories/GHSA-7c82-mp33-r854
- github.com/snapappointments/bootstrap-select
- github.com/snapappointments/bootstrap-select/commit/ab6e068748040cf3cda5859f6349b382402b8767
- github.com/snapappointments/bootstrap-select/issues/2199
- issues.jtl-software.de/issues/SHOP-7964
- nvd.nist.gov/vuln/detail/CVE-2019-20921
- snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457
Code Behaviors & Features
Detect and mitigate CVE-2019-20921 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →