Moderate severityNVD Advisory· Published Sep 30, 2020· Updated Nov 25, 2024

CVE-2019-20921

Description

bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
bootstrap-selectnpm	< 1.13.6	1.13.6
bootstrap-selectNuGet	< 1.13.6	1.13.6

Affected products

bootstrap-select/bootstrap-selectdescription
ghsa-coords2 versions
pkg:npm/bootstrap-select pkg:nuget/bootstrap-select
< 1.13.6+ 1 more
- (no CPE)range: < 1.13.6
- (no CPE)range: < 1.13.6

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-7c82-mp33-r854ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2019-20921ghsaADVISORY
github.com/snapappointments/bootstrap-select/commit/ab6e068748040cf3cda5859f6349b382402b8767ghsaWEB
github.com/snapappointments/bootstrap-select/issues/2199ghsaWEB
issues.jtl-software.de/issues/SHOP-7964ghsaWEB
snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457ghsaWEB
github.com/advisories/GHSA-9r7h-6639-v5mwmitre
www.npmjs.com/advisories/1522mitre

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000