2341 matches found
WordPress Plugin Bootstrap Shortcodes Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Security fix for the ALT Linux 10 package dotnet-bootstrap-6.0 version 6.0.12-alt1
6.0.12-alt1 built Feb. 20, 2023 Vitaly Lipatov in task 315307 Dec. 27, 2022 Vitaly Lipatov - The .NET 6.0.12 and .NET SDK 6.0.112 releases - CVE-2022-41032: .NET Elevation of Privilege Vulnerability - CVE-2022-38013: .NET Denial of Service Vulnerability - CVE-2022-34716: .NET Information Disclosu...
Security fix for the ALT Linux 10 package dotnet-bootstrap-3.1 version 3.1.26-alt1
3.1.26-alt1 built Feb. 20, 2023 Vitaly Lipatov in task 315307 Aug. 5, 2022 Vitaly Lipatov - .NET Core 3.1.26 and .NET Core SDK 3.1.420 releases - CVE-2022-30184: .NET Information Disclosure Vulnerability - CVE-2022-29117: .NET Denial of Service Vulnerability - CVE-2022-29145: .NET Denial of Servi...
CVE-2022-45153
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.11.27 security update
Red Hat OpenShift Container Platform release 4.11.27 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whi...
SUSE CVE-2003-0039
ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count...
SUSE CVE-2011-2749
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet...
SUSE CVE-2018-14041
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy...
SUSE CVE-2019-10215
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter function. An attacker could exploit this via user interaction to execute code in the user's browser...
SUSE CVE-2019-10842
Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...
SUSE CVE-2019-13314
virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because this password may be present in the --root-password option to virtbootstrap.py...
SUSE CVE-2020-8030
An Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster...
SUSE CVE-2022-1452
Out-of-bounds Read in rbinjavabootstrapmethodsattrnew function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a...
portfolioCMS Race Condition Vulnerability
PortfolioCMS is a Bootstrap portfolio website with an admin panel. A race condition vulnerability exists in portfolioCMS version 1.0.0. A remote attacker can exploit this vulnerability to execute arbitrary code via the fileExt parameter of localhost/admin/uploads.php...
bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting...
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip...
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute...
bootstrap: XSS in the tooltip or popover data-template attribute
A cross-site scripting vulnerability was discovered in Bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or JavaScript into the rendered page when tooltip or popover events fired...
bootstrap: XSS in the data-target attribute
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...