PT-2020-10876 · Twitter · Bootstrap-Select
Published: 2020-09-03 · Updated: 2024-11-25
CVE-2019-20921
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
bootstrap-select versions prior to 1.13.6
Description
bootstrap-select fails to escape title values in OPTION elements, which allows Cross-Site Scripting (XSS). This may enable attackers to execute arbitrary JavaScript in a victim's browser.
Recommendations
For versions prior to 1.13.6, update to version 1.13.6 or later to resolve the issue. As a temporary workaround, consider disabling the use of title values in OPTION elements until a patch is available. Restrict access to potentially vulnerable web pages to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Bootstrap-Select