bootstrap: XSS in the tooltip data-viewport attribute
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting W...
bootstrap: XSS in the affix configuration target property
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...
bootstrap: XSS in the tooltip or popover data-template attribute
A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or JavaScript into the rendered page when tooltip or popover events fired...
Moderate: Red Hat Security Advisory: python-XStatic-Bootstrap-SCSS security update
An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...
Security Bulletin: OSS scan fixes for Content pos
Summary Open Source security issues for Content pod Vulnerability Details CVEID: CVE-2018-20677 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the affix configuration target property. A remote attacker could exploit this...
SQL Injection Vulnerability in oasys Frontend
oasys is an OA (office automation) system that uses Maven for project management, is developed on the Spring Boot framework, uses MySQL as the underlying database, FreeMarker as the front-end template engine, Bootstrap as the front-end UI framework, and integrates JPA, MyBatis and other...
Security Bulletin: A security vulnerability in Node.js acorn and bootstrap-select affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service.
Summary A security vulnerability in Node.js acorn and bootstrap-select affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service. Vulnerability Details Third Party Entry: 177309 DESCRIPTION: Node.js acorn module denial of service CVSS Base score: 5.3 CVSS...
Fastadmin Code Injection Vulnerability
fastadmin is a website backend development framework based on ThinkPHP and Bootstrap. Fastadmin V1.0.0.20200506 beta has a security vulnerability that attackers can exploit to carry out server-side template injection (SSTI) attacks...
RHEL 7 : ipa (RHSA-2020:3936)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3936 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
fastadmin SQL Injection Vulnerability
fastadmin is a website backend development framework based on ThinkPHP and Bootstrap. A SQL injection vulnerability exists in fastadmin V1.0.0.20191212 beta, which stems from a malicious parameter that can be passed in the URL admin ajax for SQL injection when a user with administrator...
HorizontCMS File Upload Vulnerability
HorizontCMS is an open source, responsive content management system (CMS) built on Laravel 6, VueJs 2.6 and Bootstrap 3.4. HorizontCMS 1.0.0-beta is vulnerable to unrestricted file uploads. An attacker can exploit this vulnerability to upload PHP code via zip file and execute PHP files via HTTP GET...
openSUSE Security Update : virt-bootstrap (openSUSE-2020-1856)
This update for virt-bootstrap fixes the following issues: Security issue fixed: - CVE-2019-13314: Allow providing the container's root password using a file bsc1140750. This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The descriptive text an...
OPENSUSE-SU-2020:1856-1 Security update for virt-bootstrap
This update for virt-bootstrap fixes the following issues: Security issue fixed: - CVE-2019-13314: Allow providing the container's root password using a file bsc1140750. This update was imported from the SUSE:SLE-15:Update update project...
Security update for virt-bootstrap (moderate)
openSUSE Security Update: Security update for virt-bootstrap Announcement ID: openSUSE-SU-2020:1856-1 Rating: moderate References: 1140750 Cross-References: CVE-2019-13314 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip...
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute...
bootstrap: XSS in the data-target attribute
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
bootstrap: XSS in the tooltip or popover data-template attribute
A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or JavaScript into the rendered page when tooltip or popover events fired...
Moderate: Red Hat Security Advisory: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
bootstrap: XSS in the tooltip data-viewport attribute
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting W...