npm

Severity: high

Cross-Site Scripting

bootstrap-vue

Overview

Versions of bootstrap-vue prior to 2.0.0-rc.12 are vulnerable to Cross-Site Scripting (XSS). Because input is insufficiently sanitized, components may be exposed to XSS through the options variable. This may lead to the execution of malicious JavaScript in the user's browser.

Remediation

Upgrade to version 2.0.0-rc.12 or later.

Resources

  • [GitHub Issue](https://github.com/bootstrap-vue/bootstrap-vue/issues/1974)

Advisory timeline

  1. Advisory Published: Jan 16th, 2019
  2. Reported by Grover Sean Reyes: Jan 16th, 2019