{ "dataType": "CVE_RECORD", "cveMetadata": { "state": "PUBLISHED", "cveId": "CVE-2019-20921", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-25T17:45:55.390Z", "dateReserved": "2020-09-30T00:00:00.000Z", "datePublished": "2020-09-30T12:30:36.000Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-11-25T17:45:55.390Z" }, "descriptions": [ { "lang": "en", "value": "bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser." } ], "affected": [ { "vendor": "n/a", "product": "n/a", "versions": [ { "version": "n/a", "status": "affected" } ] } ], "references": [ { "url": "https://www.npmjs.com/advisories/1522" }, { "url": "https://snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457" }, { "url": "https://github.com/advisories/GHSA-9r7h-6639-v5mw" }, { "url": "https://github.com/snapappointments/bootstrap-select/issues/2199" }, { "url": "https://issues.jtl-software.de/issues/SHOP-7964" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ] }, "adp": [ { "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:00:18.852Z" }, "title": "CVE Program Container", "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.npmjs.com/advisories/1522" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/advisories/GHSA-9r7h-6639-v5mw" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/snapappointments/bootstrap-select/issues/2199" } ] } ] }, "dataVersion": "5.1" }