20 matches found
EUVD-2021-0995
Malware in sbrugna...
RHEL 8 : nodejs-bootstrap-select (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-bootstrap-select: not escaping title values on may lead to XSS CVE-2019-20921 Note that Nessus has not teste...
Cross-site scripting in bootstrap-select
Overview bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 1.13.6 or later References - CVE - GitHub Advisory...
GHSA-7C82-MP33-R854 Cross-site scripting in bootstrap-select
bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...
Cross-site scripting in bootstrap-select
bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...
@0negativ/hawtio-integration (>=4.13.7-rc4 <=4.13.7-rc5), @archey347/uf_blog (=0.0.0) +383 more potentially affected by CVE-2019-20921 via bootstrap-select (>=1.10.0 <=1.13.5)
bootstrap-select NPM version =1.10.0, =4.13.7-rc4, =1.31.0, =1.13.0, =1.0.9, =2.0.0, =0.1.0, =1.0.0, =2.0.0, =2.2.0, =0.0.4, =2.0.0, =2.0.31 and more Source cves: CVE-2019-20921 Source advisory: OSV:GHSA-7C82-MP33-R854...
RHEL 8 : RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] security, (Moderate) (RHSA-2021:1169)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1169 advisory. The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as...
nodejs-bootstrap-select: not escaping title values on <option> may lead to XSS
bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...
nodejs-bootstrap-select: not escaping title values on <option> may lead to XSS
bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...
Moderate: Red Hat Security Advisory: RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] 0-day security, bug fix, enhance
An update for org.ovirt.engine-root, ovirt-engine-ui-extensions, and ovirt-web-ui is now available for Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...
Security Bulletin: A security vulnerability in Node.js acorn and bootstrap-select affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service.
Summary A security vulnerability in Node.js acorn and bootstrap-select affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service. Vulnerability Details Third Party Entry: 177309 DESCRIPTION: Node.js acorn module denial of service CVSS Base score: 5.3 CVSS...
Cross site scripting
bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...
CVE-2019-20921
bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...
CVE-2019-20921
Summary: CVE-2019-20921 affects bootstrap-select (before 1.13.6) by not escaping title values in OPTION elements, enabling Cross-Site Scripting (XSS) in the victim’s browser. Public details in the provided documents identify the vulnerable component as bootstrap-select and confirm the root cause ...
GHSA-9R7H-6639-V5MW Cross-Site Scripting in bootstrap-select
Versions of bootstrap-select prior to 1.13.6 are vulnerable to Cross-Site Scripting XSS. The package does not escape title values on tags. This may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 1.13.6 or later...
@0negativ/hawtio-integration (>=4.13.7-rc4 <=4.13.7-rc5), @archey347/uf_blog (=0.0.0) +383 more potentially affected by CVE-2019-20921 via bootstrap-select (>=1.10.0 <=1.13.5)
bootstrap-select NPM version =1.10.0, =4.13.7-rc4, =1.31.0, =1.13.0, =1.0.9, =2.0.0, =0.1.0, =1.0.0, =2.0.0, =2.2.0, =0.0.4, =2.0.0, =2.0.31 and more Source cves: CVE-2019-20921 Source advisory: OSV:GHSA-9R7H-6639-V5MW...
Cross-Site Scripting in bootstrap-select
Versions of bootstrap-select prior to 1.13.6 are vulnerable to Cross-Site Scripting XSS. The package does not escape title values on tags. This may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 1.13.6 or later...
PT-2020-10876 · Twitter · Bootstrap-Select
Name of the Vulnerable Software and Affected Versions: bootstrap-select versions prior to 1.13.6 Description: The issue allows Cross-Site Scripting XSS due to the failure to escape title values in OPTION elements. This may enable attackers to execute arbitrary JavaScript in a victim's browser...
Cross-site Scripting (XSS)
Overview bootstrap-select is a .NET bundle for bootstrap-select jQuery plugin. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the use of the data-subtext attribute, in cases where that content originates from a user-controlled input. PoC by Snyk Research js HTML ...
Cross-Site Scripting
Overview Versions of bootstrap-select prior to 1.13.6 are vulnerable to Cross-Site Scripting XSS. The package does not escape title values on tags. This may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 1.13.6 or later. References - GitHu...