bootstrap-select@1.13.3 vulnerabilities

The jQuery plugin that brings select elements into the 21st century with intuitive multiselection, searching, and much more. Now with Bootstrap 4 support.

  • latest version

    1.13.18

  • latest non vulnerable version

  • first published

    10 years ago

  • latest version published

    4 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the bootstrap-select package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Cross-site Scripting (XSS)

    bootstrap-select is an open source toolkit for developing with HTML, CSS, and JS. Quickly prototype your ideas or build your entire app with our Sass variables and mixins, responsive grid system, extensive prebuilt components, and powerful plugins built on jQuery.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via title and data-content.

    How to fix Cross-site Scripting (XSS)?

    Upgrade bootstrap-select to version 1.13.6 or higher.

    <1.13.6
    • M
    Cross-site Scripting (XSS)

    bootstrap-select is an open source toolkit for developing with HTML, CSS, and JS. Quickly prototype your ideas or build your entire app with our Sass variables and mixins, responsive grid system, extensive prebuilt components, and powerful plugins built on jQuery.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The package does not escape title values on <option> tags. This may allow attackers to execute arbitrary JavaScript in a victim's browser.

    How to fix Cross-site Scripting (XSS)?

    Upgrade bootstrap-select to version 1.13.6 or higher.

    <1.13.6
    • H
    Cross-site Scripting (XSS)

    bootstrap-select is an open source toolkit for developing with HTML, CSS, and JS. Quickly prototype your ideas or build your entire app with our Sass variables and mixins, responsive grid system, extensive prebuilt components, and powerful plugins built on jQuery.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the use of the data-subtext attribute, in cases where that content originates from a user-controlled input.

    How to fix Cross-site Scripting (XSS)?

    Upgrade bootstrap-select to version 1.13.6 or higher.

    <1.13.6