29 matches found
DEBIAN-CVE-2016-10735
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
DRUPAL-CONTRIB-2018-074
This base theme bridges the gap between Drupal and the Bootstrap Framework. The theme doesn't sufficiently filter valid targets under the scenario of opening modals, popovers, and tooltips. This vulnerability is mitigated by the fact that an attacker must already have the ability to either: 1...
Cross site scripting
Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page wit...
CVE-2018-9997
Open-Xchange OX App Suite contains an XSS in mail compose that can be exploited via the data-target attribute in a data-toggle gadget. Affected products/versions: OX App Suite < 7.6.3-rev31, 7.8.x < 7.8.2-rev31, 7.8.3 < 7.8.3-rev41, 7.8.4
Open-Xchange App Suite Cross-Site Scripting Vulnerability
Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to more intuitively manage email, tasks, files, etc. Mail compose is one of the mail editing components. A cross-site scripting vulnerability exists in the mail compose...
Cross-site Scripting (XSS)
Bootstrap is vulnerable to cross-site scripting (XSS) attacks. The attacks exist because the data-target attribute uses user-supplied input which is then interpreted directly using standard HTML entities encoding...
HackerOne: Possible XSS
Hi, I opened this report as soon as I have read https://mathiasbynens.github.io/rel-noopener/ It doesn't necessarily affect HackerOne, nor have I given it enough time to get a working DOM manipulation. But since Markdown allows creating target attributes to anchor tags, it may be possible to get...
CVE-2009-1598
Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrate...