2341 matches found
bootstrap: XSS in the data-target attribute
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute...
bootstrap: XSS in the affix configuration target property
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...
bootstrap: XSS in the tooltip or popover data-template attribute
A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or JavaScript into the rendered page when tooltip or popover events fired...
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip...
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
An update is available for jackson-core, ldapjdk, glassfish-jaxb-api, glassfish-fastinfoset, xalan-j2, apache-commons-net, xmlstreambuffer, jackson-annotations, jackson-databind, pki-servlet-engine, apache-commons-lang, jackson-module-jaxb-annotations, apache-commons-collections, javassist,...
idm:DL1 and idm:client security, bug fix, and enhancement update
An update is available for python-jwcrypto, custodia, python-qrcode, python-yubico, python-kdcproxy, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky...
openSUSE: Security Advisory for virt-bootstrap (openSUSE-SU-2020:1787-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : virt-bootstrap (openSUSE-2020-1787)
This update for virt-bootstrap fixes the following issues : Security issue fixed : - CVE-2019-13314: Allow providing the container's root password using a file bsc1140750. This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The descriptive text an...
OPENSUSE-SU-2020:1787-1 Security update for virt-bootstrap
This update for virt-bootstrap fixes the following issues: Security issue fixed: - CVE-2019-13314: Allow providing the container's root password using a file bsc1140750. This update was imported from the SUSE:SLE-15:Update update project...
Security update for virt-bootstrap (moderate)
openSUSE Security Update: Security update for virt-bootstrap Announcement ID: openSUSE-SU-2020:1787-1 Rating: moderate References: 1140750 Cross-References: CVE-2019-13314 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for...
Cross-Site Scripting (XSS)
ngx-bootstrap is vulnerable to cross-site scripting which allows an attacker to inject and execute arbitrary JavaScript via the search and highlight functionality within the typeahead component...
Amazon Linux 2 : ipa (ALAS-2020-1519)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1519 advisory. jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...
SUSE-SU-2020:3045-1 Security update for virt-bootstrap
This update for virt-bootstrap fixes the following issues: Security issue fixed: - CVE-2019-13314: Allow providing the container's root password using a file bsc1140750...
CentOS 7 : ipa (RHSA-2020:3936)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3936 advisory. - jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option,...
Unspecified vulnerability in Linux kernel (CNVD-2021-19433)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the U.S. KVM is one of the kernel-based virtual machines. A security vulnerability exists in Linux kernel 5.8.13 and earlier versions, which stems from a failure to properly implement th...
Cross site scripting
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...
CVE-2019-20921
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...
CVE-2019-20921
Summary: CVE-2019-20921 affects bootstrap-select (before 1.13.6) by not escaping title values in OPTION elements, enabling Cross-Site Scripting (XSS) in the victim’s browser. Public details in the provided documents identify the vulnerable component as bootstrap-select and confirm the root cause ...