Joomla ChronoForms 6.0.17 SQL Injection

Exploit Title : Joomla ChronoForms Components 6.0.17 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/02/2019 Vendor Homepage : chronoengine.com Software Download Link : chronoengine.com/chronoforms Software Information Link :...

au.com.intelix:rs-core-js_2.11 (=0.1.3.1), au.com.mountain-pass:hyperstate (>=1 <=9) +467 more potentially affected by CVE-2019-8331 via org.webjars:bootstrap (>=3.0.0 <=3.4.0)

org.webjars:bootstrap MAVEN version =3.0.0, =1, =1, =4.1.0, =4.2.0, =4.1.0, =4.1.0, =0.1, =1.0.6.OSS, =0.1.1, =0.1.1, =1.0-P23-B3, =1.0-P23-B3, =0.4.3, =0.9.2 and more Source cves: CVE-2019-8331 Source advisory: OSV:GHSA-9V3M-8FP8-MJ99...

@ajoursystem/arnisp-bootstrap-xlgrid (=1.0.0), @arivazhagan/demo-project (=1.0.1) +458 more potentially affected by CVE-2019-8331 via bootstrap (>=3.1.1 <=3.4.0)

bootstrap NPM version =3.1.1, =1.31.0, =0.0.1, =0.0.1, =4.0.8, =1.0.0, =1.0.0, =0.0.0, =0.0.2 and more Source cves: CVE-2019-8331 Source advisory: OSV:GHSA-9V3M-8FP8-MJ99...

8bit-ghost-ui (>=1.0.0-beta.1 <=1.0.0-beta.2), @7ninjas/scss-mixins (=1.0.0-alpha3) +498 more potentially affected by CVE-2019-8331 via bootstrap (>=4.0.0 <=4.3.0)

bootstrap NPM version =4.0.0, =1.0.0-beta.1, =1.0.1, =1.0.3, =1.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.1.0, =1.0.0, =1.0.0, =0.0.0, =1.0.0, =1.0.2 and more Source cves: CVE-2019-8331 Source advisory: OSV:GHSA-9V3M-8FP8-MJ99...

@agorize/gommette (>=1.4.1 <=1.4.2), @antarctica/bas-style-kit (>=0.5.0 <=0.5.0-beta) +154 more potentially affected by CVE-2019-8331 via bootstrap-sass (>=3.1.1 <=3.4.0)

bootstrap-sass NPM version =3.1.1, =1.4.1, =0.5.0, =0.0.1, =0.0.1, =0.533.0, =8.0.0, =0.1.0, =2.0.2, =0.1.0, =0.0.1, =1.0.0, =1.0.1 and more Source cves: CVE-2019-8331 Source advisory: OSV:GHSA-9V3M-8FP8-MJ99...

com.alilitech:boot-plus-generator (>=1.1.0 <=1.3.7), com.alilitech:boot-plus-log (>=1.2.0 <=2.0.5) +48 more potentially affected by CVE-2019-8331 via org.webjars:bootstrap (>=4.0.0 <=4.2.1)

org.webjars:bootstrap MAVEN version =4.0.0, =1.1.0, =1.2.0, =1.1.0, =1.16.0, =3.2.2, =1.0.3.RELEASE, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =2.0.0, =2.3.0 and more Source cves: CVE-2019-8331 Source advisory: OSV:GHSA-9V3M-8FP8-MJ99...

Bootstrap Vulnerable to Cross-Site Scripting

Versions of bootstrap prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting XSS. The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. Recommendation For bootstrap 4.x upgrade to...

GHSA-9V3M-8FP8-MJ99 Bootstrap Vulnerable to Cross-Site Scripting

Versions of bootstrap prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting XSS. The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. Recommendation For bootstrap 4.x upgrade to...

GHSA-WH77-3X4M-4Q9G Moderate severity vulnerability that affects bootstrap and bootstrap-sass

In Bootstrap 4 before 4.3.1 and Bootstrap 3 before 3.4.1, XSS is possible in the tooltip or popover data-template attribute. For more information, see: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/...

Moderate severity vulnerability that affects bootstrap and bootstrap-sass

In Bootstrap 4 before 4.3.1 and Bootstrap 3 before 3.4.1, XSS is possible in the tooltip or popover data-template attribute. For more information, see: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/...

CVE-2019-8331

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...

Design/Logic Flaw

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...

UBUNTU-CVE-2019-8331

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...

CVE-2019-8331

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...

DEBIAN-CVE-2019-8331

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...

CVE-2019-8331

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...

CVE-2019-8331

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...

CVE-2019-8331

CVE-2019-8331 affects Bootstrap: XSS in tooltip/popover data-template attribute observed in Bootstrap 3.4.1 and 4.3.x before 4.3.1. The underlying issue is an input that can inject script into a client browser when the vulnerable template is rendered. Affected versions include Bootstrap 3.x prior...

CVE-2019-8331

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

In Bootstrap, XSS is possible in the tooltip or popover data-template attribute...