CVE-2024-51851

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in salehattari best bootstrap widgets for elementor best-bootstrap-widgets-for-elementor allows DOM-Based XSS.This issue affects best bootstrap widgets for elementor: from n/a through = 1.0...

CVE-2024-6547

The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin utilizing bootstrap and leaving test files with displayerrors on. This makes it possible for unauthenticated attackers to retrieve the full path of t...

CVE-2024-40392

SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain a SQL injection vulnerability via the name parameter under addnew.php...

CVE-2024-31823

An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php component...

CVE-2024-31820

An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php component...

CVE-2024-13549

The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Accordion" widget in all versions up to, and including, 1.3.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2023-52196

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS.This issue affects CPT Bootstrap Carousel: from n/a through 1.12...

CVE-2023-35047

Cross-Site Request Forgery CSRF vulnerability in AREOI All Bootstrap Blocks plugin = 1.3.6 versions...

CVE-2023-47851

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS.This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1...

CVE-2023-23010

Cross Site Scripting XSS vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 on Dec 27, 2022, allows attackers to execute arbitrary code via the languages and transload parameters in file addproduct.php...

CVE-2022-4777

The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4576

The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...

CVE-2022-4834

The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVE-2022-1726

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...

CVE-2021-21365

Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected templates with custo...

CVE-2020-25091

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/addproduct.php...

CVE-2020-36115

Stored Cross Site Scripting XSS vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'...

CVE-2020-29587

SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html function to directly...

CVE-2020-25092

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel...

CVE-2020-13890

The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard...