Severity: high

Cross-Site Scripting



All versions of bootstrap-vue are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the options variable. This may lead to the execution of malicious JavaScript on the user's browser.


No fix is currently available. Consider using an alternative module until a fix is made available.


  • (GitHub Issue)[]
Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory Published
    Jan 16th, 2019
  2. reported

    Jan 16th, 2019