CVE-2025-3060

CVE-2025-3060 affects Drupal Flattern – Multipurpose Bootstrap Business Profile. Multiple records (NVD, CVE list, OSV, CVSS metrics) indicate a vulnerability with SA-CONTRIB-2025-005 labeling it Critical and Unsupported. CVSS v3.1 metrics present: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H, base score 6...

Drupal Flattern 安全漏洞

Drupal Flattern is a Bootstrap-based responsive theme for the Drupal community that provides a clean, modern front-end design for Drupal websites, commonly used for enterprise sites and blogs. A security vulnerability exists in Drupal Flattern, which stems from the presence of a known security...

PT-2025-13860 · Unknown · Flattern – Multipurpose Bootstrap Business Profile

Name of the Vulnerable Software and Affected Versions: Flattern – Multipurpose Bootstrap Business Profile affected versions not specified Description: The issue affects Flattern – Multipurpose Bootstrap Business Profile. No specific details about the nature of the issue or its potential impact ar...

CVE-2025-30527

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codetoolbox My Bootstrap Menu my-bootstrap-menu allows Stored XSS.This issue affects My Bootstrap Menu: from n/a through = 1.2.1...

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not lim...

Malicious code in bootstrap_dev_scratch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40332b73ea061eb436ac01a90cf6ea7447f7117047d2ea136f6f91a97da86426 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-30527

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codetoolbox My Bootstrap Menu my-bootstrap-menu allows Stored XSS.This issue affects My Bootstrap Menu: from n/a through = 1.2.1...

CVE-2025-30527 WordPress My Bootstrap Menu plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codetoolbox My Bootstrap Menu my-bootstrap-menu allows Stored XSS.This issue affects My Bootstrap Menu: from n/a through = 1.2.1...

CVE-2025-30527

CVE-2025-30527 involves My Bootstrap Menu (WordPress plugin). The connected Wordfence vulnerability entry identifies the affected software as My Bootstrap Menu and states vulnerability from earlier versions up to 1.2.1, describing an "Authenticated" stored Cross-Site Scripting (XSS) due to improp...

CVE-2025-30527 WordPress My Bootstrap Menu plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codetoolbox My Bootstrap Menu allows Stored XSS. This issue affects My Bootstrap Menu: from n/a through 1.2.1...

WordPress My Bootstrap Menu plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin My Bootstrap Menu versions = 1.2.1...

Security Bulletin: Vulnerability in Bootstrap (CVE-2024-6531) affects Power HMC.

Summary The Bootstrap library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-6531 DESCRIPTION: Node.js Bootstrap module is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...

WordPress plugin My Bootstrap Menu 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Malicious code in airbnb-bootstrap-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ab32fc1acc308cef69cd2c28a15f3ca79fb2ebeec3a94c3ece78de110b9229c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-27825

An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class names...

CVE-2025-27826

An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names...

CVE-2025-27826

An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names...

CVE-2025-27825

An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class names...

CVE-2025-27825

CVE-2025-27825 affects Backdrop CMS using the Bootstrap 5 Lite theme prior to 1.x-1.0.3. Root cause: insufficient sanitization of certain class names in the theme, enabling an XSS vulnerability. Public exploitation details are not provided in the connected documents. No remediation details are ex...

CVE-2025-27826

CVE-2025-27826 affects Backdrop CMS via the Bootstrap Lite theme (before 1.x-1.4.5). The underlying issue is insufficient sanitization of certain class names, enabling cross-site scripting (XSS). The citation shows a CVSS v3.1 base score of 6.4 (Medium) with network attack vector and low privileg...