CVE-2019-10215 – bootstrap3-typeahead.js: Cross-site scripting via highlighter() function

https://notcve.org/view.php?id=CVE-2019-10215

Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser. Bootstrap-3-Typeahead posterior a la versión 4.0.2, es vulnerable a un fallo de tipo cross-site scripting en la función highlighter(). Un atacante podría explotar esto mediante la interacción del usuario para ejecutar código en el navegador del usuario. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html https://access.redhat.com/errata/RHSA-2019:3771 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10215 https://access.redhat.com/security/cve/CVE-2019-10215 https://bugzilla.redhat.com/show_bug.cgi?id=1735506 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •