Lucene search

2341 matches found

CVE
added 2020/09/03 1:41 a.m. · 54 views

CVE-2020-25087

CVE-2020-25087 affects Ecommerce-CodeIgniter-Bootstrap (pre-2020-08-03) with a stored/reflected XSS in application/modules/admin/views/advanced_settings/languages.php. The NVD entry reports CVSSv2 base 4.3 (MEDIUM) and CVSSv3.1 base 6.1 (MEDIUM), indicating network vector with no authentication, ...

6.1 CVSS · 5.9 AI score · 0.00679 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2020/09/03 1:41 a.m. · 15 views

CVE-2020-25088

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php...

6 AI score · 0.00679 EPSS
Exploits: 0 · References: 1

CVE
added 2020/09/03 1:41 a.m. · 57 views

CVE-2020-25088

The CVE-2020-25088 entry relates to Ecommerce-CodeIgniter-Bootstrap (pre-2020-08-03) and allows cross-site scripting in the admin blog publish view (application/modules/admin/views/blog/blogpublish.php). Concrete details from connected sources confirm the vulnerability stems from insufficient val...

6.1 CVSS · 5.9 AI score · 0.00679 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2020/09/03 1:40 a.m. · 39 views

CVE-2020-25089

CVE-2020-25089 affects Ecommerce-CodeIgniter-Bootstrap prior to 2020-08-03, allowing cross-site scripting in application/modules/admin/views/ecommerce/discounts.php. Multiple connected sources corroborate an XSS vulnerability stemming from insufficient input validation. The CVSS metrics indicate ...

6.1 CVSS · 5.9 AI score · 0.00679 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2020/09/03 1:40 a.m. · 13 views

CVE-2020-25089

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php...

6 AI score · 0.00679 EPSS
Exploits: 0 · References: 1

Cvelist
added 2020/09/03 1:40 a.m. · 12 views

CVE-2020-25090

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php...

6 AI score · 0.00679 EPSS
Exploits: 0 · References: 1

CVE
added 2020/09/03 1:40 a.m. · 45 views

CVE-2020-25090

The CVE-2020-25090 entry corresponds to an XSS vulnerability in Ecommerce-CodeIgniter-Bootstrap prior to 2020-08-03, specifically in application/modules/admin/views/ecommerce/publish.php. The root cause is insufficient validation of client-side data in the web application, enabling cross-site scr...

6.1 CVSS · 5.9 AI score · 0.00679 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2020/09/03 1:40 a.m. · 59 views

CVE-2020-25091

CVE-2020-25091: XSS in Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 due to lack of proper validation in application/modules/vendor/views/add_product.php. Multiple sources corroborate the issue; CNVD notes the root cause as missing input validation. No patch/version remediation is specified ...

6.1 CVSS · 5.9 AI score · 0.00679 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2020/09/03 1:40 a.m. · 13 views

CVE-2020-25091

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/addproduct.php...

6 AI score · 0.00679 EPSS
Exploits: 0 · References: 1

CVE
added 2020/09/03 1:40 a.m. · 57 views

CVE-2020-25092

CVE-2020-25092 affects Ecommerce-CodeIgniter-Bootstrap. The vulnerability is an XSS issue located in _parts/header.php and in the templates at application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel. The public records indicate thi...

6.1 CVSS · 5.9 AI score · 0.00679 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2020/09/03 1:40 a.m. · 14 views

CVE-2020-25092

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel...

6.1 AI score · 0.00679 EPSS
Exploits: 0 · References: 1

CVE
added 2020/09/03 1:40 a.m. · 43 views

CVE-2020-25093

The CVE-2020-25093 entry concerns an XSS vulnerability in Ecommerce-CodeIgniter-Bootstrap prior to 2020-08-03. The affected area is blog.php within the templates: clothesshop, onepage, and redlabel. The underlying issue is a cross-site scripting flaw that allows input to be echoed without proper ...

6.1 CVSS · 5.9 AI score · 0.00679 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2020/09/03 12:0 a.m. · 2 views

PT-2020-10876 · Twitter · Bootstrap-Select

Name of the Vulnerable Software and Affected Versions: bootstrap-select versions prior to 1.13.6. Description: The issue allows Cross-Site Scripting (XSS) due to the failure to escape title values in OPTION elements. This may enable attackers to execute arbitrary JavaScript in a victim's browser...

6.1 CVSS · 6.5 AI score · 0.01717 EPSS
Exploits: 0 · References: 14

OSV
added 2020/09/02 3:53 p.m. · 12 views

GHSA-C7PP-X73H-4M2V Cross-Site Scripting in bootstrap-vue

Versions of bootstrap-vue prior to 2.0.0-rc.12 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the options variable. This may lead to the execution of malicious JavaScript on the user's browser...

6.6 AI score
Exploits: 0 · References: 5

Github Security Blog
added 2020/09/02 3:53 p.m. · 24 views

Cross-Site Scripting in bootstrap-vue

Versions of bootstrap-vue prior to 2.0.0-rc.12 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the options variable. This may lead to the execution of malicious JavaScript on the user's browser...

4.6 AI score
Exploits: 0 · References: 5 · Affected Software: 1

vulnersOsv
added 2020/09/01 8:43 p.m. · 4 views

@addaps/doca-addaps-theme (>=1.0.1 <=1.0.6), doca-bootstrap-theme (>=0.0.6 <=1.0.0) +11 more potentially affected by unknown CVE via react-marked-markdown (=1.4.6)

react-marked-markdown NPM version =1.4.6 is affected by a known vulnerability. The following packages have a transitive dependency on react-marked-markdown and may be impacted: - @addaps/doca-addaps-theme =1.0.1, =0.0.6, =0.0.1, =0.2.1, =1.0.0, =0.0.1, =1.0.0, =0.1.1, =0.15.1, =0.1.2, =0.2.1 Sour...

5.8 AI score
Exploits: 0

vulnersOsv
added 2020/09/01 3:29 p.m. · 1 views

@corex/argon-theme (>=1.1.1 <=1.1.33), @creative-tim-official/argon-dashboard-free (=1.2.0) +14 more potentially affected by CVE-2016-1000227 via bootstrap-tagsinput (=0.7.1)

bootstrap-tagsinput NPM version =0.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on bootstrap-tagsinput and may be impacted: - @corex/argon-theme =1.1.1, =0.27.0, =0.0.1, =0.1.0, =3.0.0, =1.2.0, =0.1.0, =0.2.0, =0.1.1, =1.2.6, =1.4.0, =0.1.89, =0.2....

5.8 AI score · 0.0067 EPSS
Exploits: 0

Github Security Blog
added 2020/09/01 3:29 p.m. · 70 views

Cross-Site Scripting in bootstrap-tagsinput

All versions of bootstrap-tagsinput are vulnerable to cross-site scripting when user input is passed into the itemTitle parameter unmodified, as the package fails to properly sanitize or encode user input for that parameter. Recommendation: This package is not actively maintained, and has not seen...

1.4 AI score · 0.0067 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2020/09/01 3:29 p.m. · 9 views

GHSA-V2JQ-9475-R5G8 Cross-Site Scripting in bootstrap-tagsinput

All versions of bootstrap-tagsinput are vulnerable to cross-site scripting when user input is passed into the itemTitle parameter unmodified, as the package fails to properly sanitize or encode user input for that parameter. Recommendation: This package is not actively maintained, and has not seen...

6 AI score · 0.0067 EPSS
Exploits: 0 · References: 4

Kitploit
added 2020/08/24 9:30 p.m. · 45 views

Yeti - Your Everyday Threat Intelligence

Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don't have to. Yeti provides an interface for humans shiny...

7.1 AI score
Exploits: 0 · References: 4