CVE-2019-20921: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
bootstrap-select allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim’s browser.
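The class of bug described above, as an added example that is not bootstrap-select's own code: a simplified renderer builds button markup from an option's title, first without escaping and then with it. The function names, the markup shape and the sample options are assumptions constructed for illustration.

```javascript
// Added example; hypothetical names, not bootstrap-select's own code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '`': '&#x60;',
};

// Escape every character that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the title is concatenated into markup as-is, so it
// is parsed as HTML in both the attribute and the element body.
function renderUnsafe(option) {
  const label = option.title || option.text;
  return `<button type="button" title="${label}">` +
         `<span class="label">${label}</span></button>`;
}

// Hardened pattern: escape once, at the point where data becomes markup.
function renderSafe(option) {
  const label = escapeHtml(option.title || option.text);
  return `<button type="button" title="${label}">` +
         `<span class="label">${label}</span></button>`;
}

// Constructed sample data: the second title carries markup.
const sampleOptions = [
  { text: 'Plain', title: 'Plain choice' },
  { text: 'Markup', title: '"><img src=x alt=injected>' },
];

// True when the rendered string contains an element the template never emits.
function hasUnexpectedElement(markup) {
  const tags = markup.match(/<\/?([a-z][a-z0-9]*)/gi) || [];
  return tags.some((t) => !/^<\/?(button|span)$/i.test(t));
}

for (const opt of sampleOptions) {
  console.log(opt.text, 'unsafe:', hasUnexpectedElement(renderUnsafe(opt)),
              'safe:', hasUnexpectedElement(renderSafe(opt)));
}
```

The same `hasUnexpectedElement` check works as a regression test for any template that interpolates option data.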
References
- github.com/advisories/GHSA-7c82-mp33-r854
- github.com/advisories/GHSA-9r7h-6639-v5mw
- github.com/snapappointments/bootstrap-select/commit/ab6e068748040cf3cda5859f6349b382402b8767
- github.com/snapappointments/bootstrap-select/issues/2199
- nvd.nist.gov/vuln/detail/CVE-2019-20921
- snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457
- www.npmjs.com/advisories/1522
Detect and mitigate CVE-2019-20921 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.