Description
This affects the package bootstrap-table in versions before 1.19.1. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array instead of a string, even if the escape attribute is set.
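The type confusion described above, as an added example that is not bootstrap-table's own code: a constructed sanitizer that escapes only values whose type is string, next to a form that coerces to a string before escaping. The names `escapeStringsOnly`, `escapeAlways` and `renderCell` are hypothetical, and the sample values are constructed.

```javascript
// Added illustration; not bootstrap-table's source code.
// All function names and sample values here are hypothetical/constructed.

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeText(text) {
  return text.replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Weak pattern: the type check decides whether escaping happens at all.
// An array fails the check and is returned untouched.
function escapeStringsOnly(value) {
  if (typeof value === 'string') {
    return escapeText(value);
  }
  return value;
}

// Hardened pattern: the value is coerced to a string first, so the
// escaping step sees exactly the text that will be concatenated later.
function escapeAlways(value) {
  if (value === null || value === undefined) {
    return '';
  }
  return escapeText(String(value));
}

// Stand-in for a renderer that builds markup by string concatenation.
// Concatenation calls Array.prototype.toString(), which joins the
// elements with commas and turns the array back into raw markup.
function renderCell(value, escapeFn) {
  return '<td>' + escapeFn(value) + '</td>';
}

const asString = '<b>x</b>';   // constructed sample, string input
const asArray = ['<b>x</b>'];  // same content wrapped in an array

console.log(renderCell(asString, escapeStringsOnly)); // escaped
console.log(renderCell(asArray, escapeStringsOnly));  // markup passes through
console.log(renderCell(asArray, escapeAlways));       // escaped
```

The same check applies to any non-string input that stringifies to markup, so a regression test for a sanitizer should include array and object inputs as well as strings.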
Remediation
References