Overview
Versions of bootstrap-vue prior to 2.0.0-rc.12 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the options variable. This may lead to the execution of malicious JavaScript on the user's browser.
Remediation
Upgrade to version 2.0.0-rc.12 or later.
Resources
- (GitHub Issue)[https://github.com/bootstrap-vue/bootstrap-vue/issues/1974]
Have content suggestions? Send them to [email protected]
Advisory timeline
published
Advisory PublishedJan 16th, 2019reported
Reported by Grover Sean ReyesJan 16th, 2019
