CVE-2019-10215

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/bassjobsen/bootstrap-3-typeahead

Identifiers

GHSA-m2hm-hrr2-6p2q, CVE-2019-10215

Package Slug

packagist/bassjobsen/bootstrap-3-typeahead

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.

Affected Versions

All versions after 4.0.2

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-02-03

source