PT-2020-7935 · Unknown · Bootstrap-Tagsinput
Published: 2020-09-01 · Updated: 2020-09-01 · CVE-2016-1000227
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
bootstrap-tagsinput versions (all)
Description:
The issue arises from the failure to properly sanitize or encode user input for the itemTitle parameter, leading to cross-site scripting when user input is passed into this parameter unmodified.
Recommendations:
For all versions, consider avoiding the use of the itemTitle parameter as a mitigation measure, or use a fork of the module that is actively maintained and provides similar functionality.
XSS
Affected Products:
Bootstrap-Tagsinput