
2341 matches found

Node.js
added 2019/05/22 6:3 p.m. | 218 views

Cross-Site Scripting

Overview: Versions of bootstrap prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow an attacker to execute arbitrary JavaScript. Recommendation: For bootstrap 4.x...

4.3 CVSS | 6.5 AI score | 0.1686 EPSS
Exploits 1 | Affected Software 1

ALT Linux
added 2019/05/16 12:0 a.m. | 35 views

Security fix for the ALT Linux 8 package dotnet-bootstrap version 2.1.9-alt1

2.1.9-alt1 built May 16, 2019 Aleksei Nikiforov in task 229347. March 13, 2019 Vitaly Lipatov: new version 2.1.9 with rpmrb script; includes .NET Core 2.1.9, ASP.NET Core 2.1.9 and .NET Core SDK 2.1.505; CVE-2019-0657: .NET Core NuGet Tampering Vulnerability...

4.3 CVSS | 7.3 AI score | 0.04518 EPSS
Exploits 0

RedHat Linux
added 2019/05/08 12:47 p.m. | 2 views

bootstrap: XSS in the data-target attribute

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...

6.1 CVSS | 6.6 AI score | 0.04293 EPSS
Exploits 2 | References 4

RedHat Linux
added 2019/05/08 12:47 p.m. | 2 views

bootstrap: XSS in the tooltip data-viewport attribute

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting W...

6.1 CVSS | 6.8 AI score | 0.03929 EPSS
Exploits 0 | References 4

RedHat Linux
added 2019/05/08 12:47 p.m. | 3 views

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

6.1 CVSS | 6.8 AI score | 0.04081 EPSS
Exploits 1 | References 4

Typo3
added 2019/05/07 12:0 a.m. | 82 views

Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, cross-site scripting is possible in the tooltip or popover data-template attribute...

4.3 CVSS | 1.4 AI score | 0.1686 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2019/04/23 6:0 p.m. | 37 views

Security Bulletin: API Connect V5 is impacted by vulnerabilities in Bootstrap (CVE-2018-14040 CVE-2018-14041 CVE-2018-14042)

Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2018-14042 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the data-container property of tooltip. A remote attacker could...

6.1 CVSS | 0.6 AI score | 0.04293 EPSS
Exploits 3 | Affected Software 1

OSV
added 2019/04/17 10:29 p.m. | 3 views

CVE-2019-1710

A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation...

9.8 CVSS | 7.3 AI score
Exploits 0 | References 2

Packet Storm
added 2019/04/12 12:0 a.m. | 60 views

JobSkee Open Source JobBoard 1.1.3 Database Disclosure

Exploit Title : JobSkee Open Source JobBoard 1.1.3 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 12/04/2019 Vendor Homepage : jobskee.com Software Download Link : jobskee.com/download.php Software Information Link :...

7.4 AI score
Exploits 0

RedhatCVE
added 2019/04/09 1:50 p.m. | 40 views

CVE-2019-10842

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

10 CVSS | 6.5 AI score | 0.04923 EPSS
Exploits 1 | References 2

Veracode
added 2019/04/04 6:26 p.m. | 21 views

Malicious Package

bootstrap-sass, version 3.2.0.3, is a malicious package. The vulnerability exists through a backdoor in lib/active-controller/middleware.rb in the value of the malicious cfduid cookie that is used in the eval function, causing arbitrary code execution attacks...

9.8 CVSS | 9.5 AI score | 0.04923 EPSS
Exploits 1 | References 4 | Affected Software 1

Github Security Blog
added 2019/04/04 4:28 p.m. | 32 views

Bootstrap-sass contains code execution backdoor

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

10 CVSS | 9.7 AI score | 0.04923 EPSS
Exploits 1 | References 6 | Affected Software 1

OSV
added 2019/04/04 4:28 p.m. | 18 views

GHSA-VQQV-V9M2-48P2 Bootstrap-sass contains code execution backdoor

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

9.8 CVSS | 9.8 AI score | 0.04923 EPSS
Exploits 1 | References 6

IBM Security Bulletins
added 2019/04/04 2:55 p.m. | 37 views

Security Bulletin: IBM API Connect Developer Portal is affected by a cross site scripting vulnerability in Bootstrap (CVE-2019-8331)

Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2019-8331 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the tooltip or popover data-template. A remote attacker could exploit...

6.1 CVSS | 0.4 AI score | 0.1686 EPSS
Exploits 1 | Affected Software 1

UbuntuCve
added 2019/04/04 4:29 a.m. | 24 views

CVE-2019-10842

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

10 CVSS | 7.6 AI score | 0.04923 EPSS
Exploits 1 | References 4

OSV
added 2019/04/04 4:29 a.m. | 1 views

CVE-2019-10842

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

9.8 CVSS | 6.4 AI score | 0.04923 EPSS
Exploits 1 | References 4

NVD
added 2019/04/04 4:29 a.m. | 10 views

CVE-2019-10842

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

10 CVSS | 9.8 AI score | 0.04923 EPSS
Exploits 1 | References 4

Cvelist
added 2019/04/04 3:46 a.m. | 26 views

CVE-2019-10842

Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...

9.8 AI score | 0.04923 EPSS
Exploits 1 | References 4

CVE
added 2019/04/04 3:46 a.m. | 98 views

CVE-2019-10842

CVE-2019-10842 describes an arbitrary code execution backdoor in bootstrap-sass 3.2.0.3 when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64-encoded code to be executed via eval(), enabling remote code execution on the target system. The ...

10 CVSS | 9.8 AI score | 0.04923 EPSS
Exploits 1 | References 4 | Affected Software 1

RubySec
added 2019/04/04 12:0 a.m. | 24 views

Remote code execution in bootstrap-sass

Arbitrary code execution via backdoor code, when downloaded from rubygems.org was discovered in bootstrap-sass 3.2.0.3. Users are advised to upgrade immediately to 3.2.0.4. An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can b...

10 CVSS | 6.2 AI score | 0.04923 EPSS
Exploits 1 | References 1 | Affected Software 1