Nanoseconds Produce Minutes
    Severity: high

    Cross-Site Scripting



    Versions of bootstrap-vue prior to 2.0.0-rc.12 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the options variable. This may lead to the execution of malicious JavaScript on the user's browser.


    Upgrade to version 2.0.0-rc.12 or later.


    • (GitHub Issue)[]
    Have content suggestions? Visit

    Advisory timeline

    1. published

      Advisory Published
      Jan 16th, 2019
    2. reported

      Reported by Grover Sean Reyes
      Jan 16th, 2019