CVE-2022-4777

The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4576

The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...

CVE-2022-4834

The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVE-2022-1726

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...

CVE-2021-21365

Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected templates with custo...

CVE-2020-25091

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/addproduct.php...

CVE-2020-36115

Stored Cross Site Scripting XSS vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'...

CVE-2020-29587

SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html function to directly...

CVE-2020-25092

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel...

CVE-2020-13890

The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard...

CVE-2020-25088

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php...

CVE-2018-12918

In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in pbcBregisterfields in bootstrap.c...

Cross-Site Scripting

Bootstrap Multiselect is vulnerable to Reflective Cross-Site Scripting XSS. The vulnerability is due to unsanitized output of POST data in a PHP script, which allows attackers to execute arbitrary JavaScript in the context of a victim's browser through Cross-Site Request Forgery CSRF...

CVE-2024-12722

The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2024-12722

The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2024-12722

The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2024-12722

CVE-2024-12722 affects the WordPress plugin Twitter Bootstrap Collapse aka Accordian Shortcode, alleging Stored Cross-Site Scripting via shortcode attributes in versions

CVE-2024-12722 Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Stored XSS via Shortcode

The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2024-12722 Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Stored XSS via Shortcode

The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

01.webpack-study (=1.0.0), 0226 (=1.0.0) +3005 more potentially affected by CVE-2025-1647 via bootstrap (=3.4.1)

bootstrap NPM version =3.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on bootstrap and may be impacted: - 01.webpack-study =1.0.0 - 0226 =1.0.0 - 03-npm =1.0.0 - 2cs-basecode =0.1.0, =4.13.7-rc4, =3.0.1, =3.0.4, =0.0.0-ad-beta.1, =0.0.0-aj-alpha.9,...