This affects versions prior to 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bootstrap-table bootstrap table |