bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-30T12:30:36
Updated: 2024-08-05T03:00:18.852Z
Reserved: 2020-09-30T00:00:00
Link: CVE-2019-20921
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-09-30T18:15:18.007
Modified: 2020-10-05T16:49:06.507
Link: CVE-2019-20921
Redhat