    Severity: high

    Cross-Site Scripting

    bootstrap-vue

    Overview

    Versions of bootstrap-vue prior to 2.0.0-rc.12 are vulnerable to Cross-Site Scripting (XSS). Because input is insufficiently sanitized, components may be exposed to XSS through the options variable. This may lead to the execution of malicious JavaScript in the user's browser.

    Remediation

    Upgrade to version 2.0.0-rc.12 or later.
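
One way to check a project against this remediation, as an added example that is not part of the advisory or of bootstrap-vue's own code: the fixed release is a pre-release, so versions have to be compared by SemVer precedence (as plain strings, `rc.9` would sort after `rc.12`). It assumes a `package-lock.json` with lockfileVersion 2 or 3; the function names and the sample lockfile are constructed for illustration.

```javascript
// Fixed release named in the advisory.
const FIXED = "2.0.0-rc.12";

// Split "1.2.3-rc.4+build" into numeric core and pre-release identifiers.
function parse(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(version);
  if (!m) return null;
  return { core: [+m[1], +m[2], +m[3]], pre: m[4] ? m[4].split(".") : [] };
}

// SemVer 2.0.0 precedence: negative if a < b, 0 if equal, positive if a > b.
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a.core[i] !== b.core[i]) return a.core[i] - b.core[i];
  // A release outranks any pre-release of the same core version.
  if (!a.pre.length || !b.pre.length) return b.pre.length - a.pre.length;
  for (let i = 0; i < Math.max(a.pre.length, b.pre.length); i++) {
    const x = a.pre[i], y = b.pre[i];
    if (x === undefined) return -1; // fewer identifiers sorts first
    if (y === undefined) return 1;
    const nx = /^\d+$/.test(x), ny = /^\d+$/.test(y);
    if (nx && ny && +x !== +y) return +x - +y; // numeric, so rc.9 < rc.12
    if (nx !== ny) return nx ? -1 : 1; // numeric sorts below alphanumeric
    if (!nx && x !== y) return x < y ? -1 : 1; // ASCII order
  }
  return 0;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json and
// return every bootstrap-vue entry older than the fixed release.
function findAffected(lock) {
  const fixed = parse(FIXED), hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/bootstrap-vue")) continue;
    const v = parse(entry.version || "");
    // Unparseable versions are reported too, for manual review.
    if (!v || compare(v, fixed) < 0) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/bootstrap-vue": { version: "2.0.0-rc.9" },
  "node_modules/widget/node_modules/bootstrap-vue": { version: "2.0.0-rc.12" },
  "node_modules/legacy/node_modules/bootstrap-vue": { version: "1.5.1" },
  "node_modules/vue": { version: "2.6.14" }
} };
console.log(findAffected(sampleLock));
```

Nested copies pulled in by other dependencies are reported with their lockfile path, so each one can be traced to the package that pins it.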

    Resources

    • [GitHub Issue](https://github.com/bootstrap-vue/bootstrap-vue/issues/1974)

    Advisory timeline

    1. Advisory Published: Jan 16th, 2019
    2. Reported by Grover Sean Reyes: Jan 16th, 2019