Cross-Site Scripting Vulnerability in Bootstrap-3-Typeahead's highlighter() Function

CVE-2019-10215 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.

Learn more about our User Device Pen Test.