2341 matches found
CVE-2018-20676
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute...
CVE-2016-10735
CVE-2016-10735 affects Bootstrap 3.x prior to 3.4.0 and 4.x-beta prior to 4.0.0-beta.2, enabling cross-site scripting via the data-target attribute. This is a distinct issue from CVE-2018-14041. The vulnerability arises from improper handling of data-target, allowing injected scripts/HTML through...
CVE-2018-20677
Bootstrap before 3.4.0 is vulnerable to cross-site scripting via the affix configuration target property due to improper handling of input in that attribute. The issue enables XSS in the affected component, and the condition is described as existing in Bootstrap 3.x prior to 3.4.0. Public referen...
CVE-2018-20677
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property...
CVE-2016-10735
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
CVE-2018-20676
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute...
Bootstrap Cross-Site Scripting Vulnerability (CNVD-2019-23271)
Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript. A cross-site scripting vulnerability exists in the tooltip data-viewport attribute in Bootstrap versions prior to 3.4.0, which can be exploited by remote attackers to inject arbitrary web script or HTML...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the tooltip data-viewport attribute...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the affix configuration target property...
Bootstrap Cross-Site Scripting Vulnerability (CNVD-2019-23270)
Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript. A cross-site scripting vulnerability exists in affix in Bootstrap versions prior to 3.4.0, which can be exploited by remote attackers to inject arbitrary web script or HTML...
PT-2019-5358 · Twitter +4 · Bootstrap +4
Name of the Vulnerable Software and Affected Versions: Bootstrap versions prior to 3.4.0. Description: The issue is related to the tooltip component of the Bootstrap toolkit, which fails to properly protect the structure of web pages. This can be exploited by a remote attacker to perform cross-sit...
PT-2019-7534 · Twitter +4 · Bootstrap +4
Name of the Vulnerable Software and Affected Versions: Bootstrap versions 2.0.4 through 3.x before 3.4.0; Bootstrap versions 4.x-beta before 4.0.0-beta.2. Description: XSS is possible in the data-target attribute. This issue is different from other known vulnerabilities. Recommendations: For...
PT-2019-5359 · Twitter +4 · Bootstrap +4
Name of the Vulnerable Software and Affected Versions: Bootstrap versions prior to 3.4.0. Description: The issue is related to the affix plugin in Bootstrap, which does not properly protect the structure of a web page, allowing for potential exploitation. This could enable a remote attacker to...
Security fix for the ALT Linux 9 package krb5 version 1.16.3-alt1
Jan. 8, 2019 Ivan A. Melnikov 1.16.3-alt1 - 1.16.3 CVE-2018-20217 - apply bootstrap and e2k tweaks mike@ closes: 32982 + introduce doc, ldap, selinux, verto knobs on by default + conditionally package bundled libverto + e2k: disable -Werror=pointer-arith,uninitialized lcc...
DRUPAL-CONTRIB-2018-074
This base theme bridges the gap between Drupal and the Bootstrap Framework. The theme doesn't sufficiently filter valid targets under the scenario of opening modals, popovers, and tooltips. This vulnerability is mitigated by the fact that an attacker must already have the ability to either: 1...
Mac OS X libxpc MITM Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in libxpc on macOS versions 10.13.3 and below. The task_set_special_port API allows callers to overwrite their bootstrap port, which is used to communicate with launchd. This port is inherited across forks: child processes will use the same bootstrap...
Bootstrap - Moderately critical - Cross site scripting - SA-CONTRIB-2018-074
This base theme bridges the gap between Drupal and the Bootstrap Framework. The theme doesn't sufficiently filter valid targets under the scenario of opening modals, popovers, and tooltips. This vulnerability is mitigated by the fact that an attacker must already have the ability to either:...
Cross-site Scripting (XSS)
bootstrap-datepicker is vulnerable to a cross-site scripting (XSS) attack. The library does not properly handle the jQuery for the date container, allowing a malicious user to inject arbitrary JavaScript...
@bndynet/bbootstrap (>=1.0.2 <=2.2.1), @bndynet/jslib (>=1.0.52 <=2.0.0) +8 more potentially affected by CVE-2018-19056 via editor.md (=1.5.0)
editor.md NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on editor.md and may be impacted: - @bndynet/bbootstrap =1.0.2, =1.0.52, =2.3.6, =1.0.0, =0.2.0, =0.1.1, =0.1.0, =1.0.0, =1.0.3 Source cves: CVE-2018-19056 Source advisory:...
Bootstrap 4.0.0 < 4.1.2 Cross-Site Scripting
According to its self-reported version number, Bootstrap is at least 4.0.0 and prior to 4.1.2. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability via the tooltip, collapse and scrollspy plugins. Note that the scanner has not tested for these issues but has instead relied on...