Severity: high

Cross-Site Scripting

bootstrap-vue

Overview

All versions of bootstrap-vue are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the options variable. This may lead to the execution of malicious JavaScript on the user's browser.

Remediation

No fix is currently available. Consider using an alternative module until a fix is made available.

Resources

  • (GitHub Issue)[https://github.com/bootstrap-vue/bootstrap-vue/issues/1974]
Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory Published
    Jan 16th, 2019
  2. reported

    Jan 16th, 2019