2340 matches found
MAL-2025-44646 Malicious code in hugo-stop-callback-bootstrap (npm)
The package hugo-stop-callback-bootstrap was found to contain malicious code...
MAL-2025-44756 Malicious code in janus-react-bootstrap-less-loader-biomimicry (npm)
The package janus-react-bootstrap-less-loader-biomimicry was found to contain malicious code...
MAL-2025-45574 Malicious code in polaris-io-react-bootstrap-polaris (npm)
The package polaris-io-react-bootstrap-polaris was found to contain malicious code...
MAL-2025-43907 Malicious code in cressida-darkmatter-bootstrap-luna (npm)
The package cressida-darkmatter-bootstrap-luna was found to contain malicious code...
MAL-2025-46158 Malicious code in subscription-bootstrap-publish-semantic-release (npm)
The package subscription-bootstrap-publish-semantic-release was found to contain malicious code...
MAL-2025-46474 Malicious code in upgrade-react-bootstrap-antares-airbnb (npm)
The package upgrade-react-bootstrap-antares-airbnb was found to contain malicious code...
MAL-2025-46676 Malicious code in xenon-hydra-react-bootstrap-leda (npm)
The package xenon-hydra-react-bootstrap-leda was found to contain malicious code...
MAL-2025-43643 Malicious code in bootstrap-biomimicry-parsec-cressida (npm)
The package bootstrap-biomimicry-parsec-cressida was found to contain malicious code...
MAL-2025-45761 Malicious code in react-bootstrap-telesto-jupiter-transform (npm)
The package react-bootstrap-telesto-jupiter-transform was found to contain malicious code...
Malicious code in websockets-tool-backend-bootstrap (npm)
The package websockets-tool-backend-bootstrap was found to contain malicious code...
Malicious code in bootstrap-biomimicry-parsec-cressida (npm)
The package bootstrap-biomimicry-parsec-cressida was found to contain malicious code...
Malicious code in cressida-darkmatter-bootstrap-luna (npm)
The package cressida-darkmatter-bootstrap-luna was found to contain malicious code...
CVE-2023-7008 affecting package systemd-bootstrap for versions less than 250.3-18
CVE-2023-7008 affecting package systemd-bootstrap for versions less than 250.3-18. A patched version of the package is available...
CVE-2025-41051
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/bootstrap...
CVE-2025-41051
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/bootstrap...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/bootstrap process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by...
CVE-2025-41051 Stored Cross-Site Scripting vulnerability in appRain CMF
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/bootstrap...
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attributeIn Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute
...
appRain CMF 跨站脚本漏洞
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/bootstrap endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...
PT-2025-35922
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...