Moderate: Red Hat Security Advisory: ovirt-web-ui security and bug fix update
An update for ovirt-web-ui is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
bootstrap: XSS in the tooltip data-viewport attribute
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting W...
bootstrap: XSS in the data-target attribute
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
bootstrap: XSS in the tooltip or popover data-template attribute
A cross-site scripting vulnerability was discovered in Bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or JavaScript into the rendered page when tooltip or popover events fired...
bootstrap: XSS in the affix configuration target property
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...
Moderate: Red Hat Security Advisory: ovirt-engine-ui-extensions security and bug fix update
An update for ovirt-engine-ui-extensions is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
CVE-2019-10215
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter function. An attacker could exploit this via user interaction to execute code in the user's browser...
Cross site scripting
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter function. An attacker could exploit this via user interaction to execute code in the user's browser...
CVE-2019-10215
CVE-2019-10215 is a cross-site scripting vulnerability in Bootstrap-3-Typeahead’s highlighter() function (affecting versions after 4.0.2). Exploitation required user interaction; the issue was introduced in commit dbd1af5bf and has been addressed in later advisories (e.g., GHSA-m2hm-hrr2-6P2Q) an...
Cross-Site Scripting (XSS)
bootstrap-3-typeahead is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser due to improper escaping of special characters...
Bootstrap 3 Typeahead CVE-2019-10215 Cross Site Scripting Vulnerability
Description: Bootstrap 3 Typeahead is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
CVE-2019-16116
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash...
FreeBSD : mantis -- multiple vulnerabilities (81fcc2f9-e15a-11e9-abbf-800dd28b22bd)
The Mantis developers report: CVE-2019-15715: Admin Required - Post Authentication Command Execution / Injection Vulnerability; CVE-2019-8331: In Bootstrap before 3.4.1, XSS is possible in the tooltip or popover data-template attribute; Missing integrity hashes for CSS resources from CDNs C Tenabl...
com.ganshane.lichen:lichen-creeper (>=0.5.9 <=0.5.10.2), com.ganshane.lichen:lichen-node (>=0.5.9 <=0.5.10.2) +45 more potentially affected by CVE-2019-10071 via org.apache.tapestry:tapestry-core (>=5.4-beta-22 <=5.4.4)
org.apache.tapestry:tapestry-core MAVEN version =5.4-beta-22, =0.5.9, =0.5.9, =0.5.9, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.92-RELEASE, =0.98 - de.julielab:julie-elastic-query-components =1.0.3 - de.julielab:julielab-elastic-query-components =1.2.0 -...
mimaleather.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-977832. Security Researcher drok3r (helped patch 244 vulnerabilities, received 4 Coordinated Disclosure badges, received 1 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting mimaleather.com website and it...
Malicious Package
simplecaptcha2 is a malicious package. The package contains a backdoor similar to the bootstrap-sass malware, as seen in simplecaptcha2-0.2.3/lib/simplecaptcha/middleware.rb...
Malicious Package
datagrid is a malicious package. The package contains a backdoor similar to the bootstrap-sass malware, as seen in datagrid-1.0.6/lib/datagrid/drivers/abstractdriver.rb...
Fedora Update for virt-bootstrap FEDORA-2019-e465ec0651
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...