bootstrap-select@1.13.0-alpha vulnerabilities

The jQuery plugin that brings select elements into the 21st century with intuitive multiselection, searching, and much more. Now with Bootstrap 4 support.

Direct Vulnerabilities

Known vulnerabilities in the bootstrap-select package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Cross-site Scripting (XSS)

bootstrap-select is an open source toolkit for developing with HTML, CSS, and JS. Quickly prototype your ideas or build your entire app with our Sass variables and mixins, responsive grid system, extensive prebuilt components, and powerful plugins built on jQuery.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via title and data-content.

How to fix Cross-site Scripting (XSS)?

Upgrade bootstrap-select to version 1.13.6 or higher.

<1.13.6
  • M
Cross-site Scripting (XSS)

bootstrap-select is an open source toolkit for developing with HTML, CSS, and JS. Quickly prototype your ideas or build your entire app with our Sass variables and mixins, responsive grid system, extensive prebuilt components, and powerful plugins built on jQuery.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The package does not escape title values on <option> tags. This may allow attackers to execute arbitrary JavaScript in a victim's browser.

How to fix Cross-site Scripting (XSS)?

Upgrade bootstrap-select to version 1.13.6 or higher.

<1.13.6
  • H
Cross-site Scripting (XSS)

bootstrap-select is an open source toolkit for developing with HTML, CSS, and JS. Quickly prototype your ideas or build your entire app with our Sass variables and mixins, responsive grid system, extensive prebuilt components, and powerful plugins built on jQuery.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the use of the data-subtext attribute, in cases where that content originates from a user-controlled input.

How to fix Cross-site Scripting (XSS)?

Upgrade bootstrap-select to version 1.13.6 or higher.

<1.13.6