Cross-Site Scripting in bootstrap-tagsinput
All versions of bootstrap-tagsinput are vulnerable to cross-site scripting when user input is passed into the itemTitle parameter unmodified, as the package fails to properly sanitize or encode user input for that parameter. Recommendation This package is not actively maintained, and has not seen an update since 2015. Because of this, the simplest mitigation is to avoid using the itemTitle parameter. With over 200 open issues and over 100 open …