2341 matches found
PT-2019-5302
Name of the Vulnerable Software and Affected Versions: Bootstrap versions prior to 3.4.1 for 3.x and 4.3.1 for 4.x. Description: The issue is related to Cross-Site Scripting (XSS) in the tooltip or popover data-template attribute of the Bootstrap toolkit. This is due to a lack of input sanitization,...
Bootstrap 3.x < 3.4.1 Cross-Site Scripting
According to its self-reported version number, Bootstrap is 3.x prior to 3.4.1 or 4.x prior to 4.3.1. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability via the data-template attribute for the tooltip and popover plugins. Note that the scanner has not tested for these issues but has...
Bootstrap 4.x < 4.3.1 Cross-Site Scripting
According to its self-reported version number, Bootstrap is 3.x prior to 3.4.1 or 4.x prior to 4.3.1. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability via the data-template attribute for the tooltip and popover plugins. Note that the scanner has not tested for these issues but has...
XSS vulnerability in bootstrap
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...
twitter-bootstrap-rails vulnerable to Cross-Site Scripting (XSS)
The seyhunak/twitter-bootstrap-rails gem includes a vendored version of the Bootstrap JavaScript library. In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. The most recent version of this gem, 5.0.0, includes Bootstrap v3.3.6. Al...
XSS vulnerability in bootstrap-sass
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...
Cross-site Scripting (XSS)
bootstrap is vulnerable to Cross-site Scripting (XSS). The attack exists because it does not escape the data-template, data-content and data-title options for the tooltip/popover plugins, allowing malicious script to be injected through them...
DFIRTrack - The Incident Response Tracking Application
DFIRTrack (Digital Forensics and Incident Response Tracking application) is an open source web application mainly based on Django using a PostgreSQL database backend. In contrast to other great incident response tools, which are mainly case-based and support the work of CERTs, SOCs etc. in their...
Cross-Site Scripting in Bootstrap CSS toolkit
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-006...
Cross-Site Scripting in Bootstrap CSS toolkit
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-006...
Cross-Site Scripting in Bootstrap CSS toolkit
It has been discovered that the third party library Bootstrap CSS toolkit is vulnerable to cross-site scripting. Details are mentioned in a dedicated vulnerability report at...
Bitdefender BOX 2 bootstrap update_setup command execution vulnerability
Summary: An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/updatesetup does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution o...
au.com.intelix:rs-core-js_2.11 (=0.1.3.1), au.com.mountain-pass:hyperstate (>=1 <=9) +504 more potentially affected by CVE-2018-20677 via org.webjars:bootstrap (>=2.2.1 <=3.3.7)
org.webjars:bootstrap MAVEN version =2.2.1, =1, =1, =20.3.0, =24.2.0, =20.3.0, =2.23.5, =2.23.5, =23.1.0, =2.23.0, =2.23.5, =2.23.5, =2.23.5, =4.1.0, =5.3.3 and more Source cves: CVE-2018-20677 Source advisory: OSV:GHSA-PH58-4VRJ-W6HR...
@antarctica/bas-style-kit (>=0.5.0 <=0.5.0-beta), @antistatique/retraitespopulaires-styleguide (>=0.0.1 <=1.8.4) +153 more potentially affected by CVE-2018-20677 via bootstrap-sass (>=2.3.2 <=3.3.7)
bootstrap-sass NPM version =2.3.2, =0.5.0, =0.0.1, =0.0.1, =0.533.0, =8.0.0, =0.1.0, =2.0.2, =0.1.0, =0.0.1, =1.0.0, =1.0.1 - @opuscapita/oc-common-ui =8.3.3 and more Source cves: CVE-2018-20677 Source advisory: OSV:GHSA-PH58-4VRJ-W6HR...
@ajoursystem/arnisp-bootstrap-xlgrid (=1.0.0), @arivazhagan/demo-project (=1.0.1) +456 more potentially affected by CVE-2018-20677 via bootstrap (>=0.0.2 <=3.3.7)
bootstrap NPM version =0.0.2, =1.31.0, =0.0.1, =0.0.1, =4.0.8, =1.0.0, =1.0.0, =0.0.0, =0.0.2 and more Source cves: CVE-2018-20677 Source advisory: OSV:GHSA-PH58-4VRJ-W6HR...
GHSA-PH58-4VRJ-W6HR bootstrap Cross-site Scripting vulnerability
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property...
bootstrap Cross-site Scripting vulnerability
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property...
au.com.intelix:rs-core-js_2.11 (=0.1.3.1), au.com.mountain-pass:hyperstate (>=1 <=9) +504 more potentially affected by CVE-2018-20676 via org.webjars:bootstrap (>=2.2.1 <=3.3.7)
org.webjars:bootstrap MAVEN version =2.2.1, =1, =1, =20.3.0, =24.2.0, =20.3.0, =2.23.5, =2.23.5, =23.1.0, =2.23.0, =2.23.5, =2.23.5, =2.23.5, =4.1.0, =5.3.3 and more Source cves: CVE-2018-20676 Source advisory: OSV:GHSA-3MGP-FX93-9XV5...
@antarctica/bas-style-kit (>=0.5.0 <=0.5.0-beta), @antistatique/retraitespopulaires-styleguide (>=0.0.1 <=1.8.4) +153 more potentially affected by CVE-2018-20676 via bootstrap-sass (>=2.3.2 <=3.3.7)
bootstrap-sass NPM version =2.3.2, =0.5.0, =0.0.1, =0.0.1, =0.533.0, =8.0.0, =0.1.0, =2.0.2, =0.1.0, =0.0.1, =1.0.0, =1.0.1 - @opuscapita/oc-common-ui =8.3.3 and more Source cves: CVE-2018-20676 Source advisory: OSV:GHSA-3MGP-FX93-9XV5...
@ajoursystem/arnisp-bootstrap-xlgrid (=1.0.0), @arivazhagan/demo-project (=1.0.1) +456 more potentially affected by CVE-2018-20676 via bootstrap (>=0.0.2 <=3.3.7)
bootstrap NPM version =0.0.2, =1.31.0, =0.0.1, =0.0.1, =4.0.8, =1.0.0, =1.0.0, =0.0.0, =0.0.2 and more Source cves: CVE-2018-20676 Source advisory: OSV:GHSA-3MGP-FX93-9XV5...