Bootstrap < 2.1.0 Cross-Site Scripting

According to its self-reported version number, Bootstrap is prior to 2.1.0. Therefore, it may be affected by a Cross-Site Scripting XSS vulnerability via html option for popovers/tooltips which is unescaped when grabbed with jQuery's .attr method. Note that the scanner has not tested for these...

Bootstrap < 3.4.0 Cross-Site Scripting

According to its self-reported version number, Bootstrap is prior to 3.4.0. Therefore, it may be affected by a Cross-Site Scripting XSS vulnerability via the data-target attribute. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...

Nmap Bootstrap XSL - A Nmap XSL Implementation With Bootstrap

A Nmap XSL implementation with Bootstrap. How to use Add the nmap-bootstrap.xsl as stylesheet to your Nmap scan. For example: nmap -sS -T4 -A -sC -oA scanme --stylesheet https://raw.githubusercontent.com/honze-net/nmap-bootstrap-xsl/master/nmap-bootstrap.xsl scanme.nmap.org scanme2.nmap.org Open...

au.com.intelix:rs-core-js_2.11 (=0.1.3.1), au.com.mountain-pass:hyperstate (>=1 <=9) +492 more potentially affected by CVE-2018-14042 via org.webjars:bootstrap (>=2.3.0 <=3.3.7)

org.webjars:bootstrap MAVEN version =2.3.0, =1, =1, =20.3.0, =24.2.0, =20.3.0, =2.23.5, =2.23.5, =23.1.0, =2.23.0, =2.23.5, =2.23.5, =2.23.5, =4.1.0, =5.3.3 and more Source cves: CVE-2018-14042 Source advisory: OSV:GHSA-7MVR-5X2G-WFC8...

@ajoursystem/arnisp-bootstrap-xlgrid (=1.0.0), @arivazhagan/demo-project (=1.0.1) +455 more potentially affected by CVE-2018-14042 via bootstrap (>=3.1.1 <=3.3.7)

bootstrap NPM version =3.1.1, =1.31.0, =0.0.1, =0.0.1, =4.0.8, =1.0.0, =1.0.0, =0.0.0, =0.0.2 and more Source cves: CVE-2018-14042 Source advisory: OSV:GHSA-7MVR-5X2G-WFC8...

@7ninjas/scss-mixins (=1.0.0-alpha3), @afiniti/design-system (>=0.0.1 <=0.0.8) +247 more potentially affected by CVE-2018-14042 via bootstrap (>=4.0.0 <=4.1.1)

bootstrap NPM version =4.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.1.0, =1.0.0, =0.0.16, =0.0.1, =1.0.0, =2.0.0-alpha, =2.3.2, =1.0.0, =1.0.3 - @evoxmusic/angular =0.7.5 and more Source cves: CVE-2018-14042 Source advisory: OSV:GHSA-7MVR-5X2G-WFC8...

@antarctica/bas-style-kit (>=0.5.0 <=0.5.0-beta), @antistatique/retraitespopulaires-styleguide (>=0.0.1 <=1.8.4) +153 more potentially affected by CVE-2018-14042 via bootstrap-sass (>=2.3.2 <=3.3.7)

bootstrap-sass NPM version =2.3.2, =0.5.0, =0.0.1, =0.0.1, =0.533.0, =8.0.0, =0.1.0, =2.0.2, =0.1.0, =0.0.1, =1.0.0, =1.0.1 - @opuscapita/oc-common-ui =8.3.3 and more Source cves: CVE-2018-14042 Source advisory: OSV:GHSA-7MVR-5X2G-WFC8...

Bootstrap Cross-site Scripting vulnerability

In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041...

com.slyak:slyak-web-bootstrap (>=1.0.3.RELEASE <=1.0.4.RELEASE), de.smartsquare.squit:de.smartsquare.squit.gradle.plugin (>=2.0.0 <=2.2.0) +23 more potentially affected by CVE-2018-14042 via org.webjars:bootstrap (>=4.0.0 <=4.1.1)

org.webjars:bootstrap MAVEN version =4.0.0, =1.0.3.RELEASE, =2.0.0, =2.1.0, =2.0.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.3 - org.orienteer:orienteer-architect =1.4 - org.orienteer:orienteer-birt =1.4 - org.orienteer:orienteer-bpm =1.4 - org.orienteer:orienteer-camel =1.4 -...

GHSA-7MVR-5X2G-WFC8 Bootstrap Cross-site Scripting vulnerability

In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041...

com.slyak:slyak-web-bootstrap (>=1.0.3.RELEASE <=1.0.4.RELEASE), de.smartsquare.squit:de.smartsquare.squit.gradle.plugin (>=2.0.0 <=2.2.0) +23 more potentially affected by CVE-2018-14041 via org.webjars:bootstrap (>=4.0.0 <=4.1.1)

org.webjars:bootstrap MAVEN version =4.0.0, =1.0.3.RELEASE, =2.0.0, =2.1.0, =2.0.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.3 - org.orienteer:orienteer-architect =1.4 - org.orienteer:orienteer-birt =1.4 - org.orienteer:orienteer-bpm =1.4 - org.orienteer:orienteer-camel =1.4 -...

@7ninjas/scss-mixins (=1.0.0-alpha3), @afiniti/design-system (>=0.0.1 <=0.0.8) +247 more potentially affected by CVE-2018-14041 via bootstrap (>=4.0.0 <=4.1.1)

bootstrap NPM version =4.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.1.0, =1.0.0, =0.0.16, =0.0.1, =1.0.0, =2.0.0-alpha, =2.3.2, =1.0.0, =1.0.3 - @evoxmusic/angular =0.7.5 and more Source cves: CVE-2018-14041 Source advisory: OSV:GHSA-PJ7M-G53M-7638...

Bootstrap Cross-site Scripting vulnerability

In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042...

GHSA-PJ7M-G53M-7638 Bootstrap Cross-site Scripting vulnerability

In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042...

Bootstrap Cross-site Scripting vulnerability

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041...

Bootstrap Cross-site Scripting vulnerability

In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041...

Bootstrap vulnerable to Cross-Site Scripting (XSS)

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute...

@bndynet/bbootstrap (>=1.0.2 <=2.2.1), @bndynet/jslib (>=1.0.52 <=2.0.0) +8 more potentially affected by CVE-2018-16330 via editor.md (=1.5.0)

editor.md NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on editor.md and may be impacted: - @bndynet/bbootstrap =1.0.2, =1.0.52, =2.3.6, =1.0.0, =0.2.0, =0.1.1, =0.1.0, =1.0.0, =1.0.3 Source cves: CVE-2018-16330 Source advisory:...

Cross-Site Scripting (XSS)

bootstrap is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the parameters, allowing a malicious user to inject and execute arbitrary Javascript...

sRDI - Shellcode Implementation Of Reflective DLL Injection

sRDI allows for the conversion of DLL files to position independent shellcode. Functionality is accomplished via two components: C project which compiles a PE loader implementation RDI to shellcode Conversion code which attaches the DLL, RDI, and user data together with a bootstrap This project i...