Overview
All versions of bootstrap-vue are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the options variable. This may lead to the execution of malicious JavaScript on the user's browser.
Remediation
No fix is currently available. Consider using an alternative module until a fix is made available.
Resources
- (GitHub Issue)[https://github.com/bootstrap-vue/bootstrap-vue/issues/1974]
Have content suggestions? Send them to [email protected]
Advisory timeline
published
Advisory Publishedreported
