GHSA-m2hm-hrr2-6p2q, CVE-2019-10215
packagist/bassjobsen/bootstrap-3-typeahead
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.
All versions after 4.0.2
Unfortunately, there is no solution available yet.
2023-02-03
source |