Severity: high

Cross-Site Scripting



Versions of bootstrap-vue prior to 2.0.0-rc.12 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the options variable. This may lead to the execution of malicious JavaScript on the user's browser.


Upgrade to version 2.0.0-rc.12 or later.


  • (GitHub Issue)[]
Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory Published
    Jan 16th, 2019
  2. reported

    Reported by Grover Sean Reyes
    Jan 16th, 2019