Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
PT-2019-7534 · Twitter +4 · Bootstrap +4
Name of the Vulnerable Software and Affected Versions:
Bootstrap versions 2.0.4 through 3.x before 3.4.0
Bootstrap versions 4.x-beta before 4.0.0-beta.2
Description: XSS is possible in the data-target attribute. This issue is different from other known vulnerabilities.
Recommendations: For...
DRUPAL-CONTRIB-2018-074
This base theme bridges the gap between Drupal and the Bootstrap Framework. The theme doesn't sufficiently filter valid targets under the scenario of opening modals, popovers, and tooltips. This vulnerability is mitigated by the fact that an attacker must already have the ability to either: 1...
GHSA-PJ7M-G53M-7638 Bootstrap Cross-site Scripting vulnerability
In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042...
Bootstrap Cross-site Scripting vulnerability
In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042...
Bootstrap Cross-Site Scripting Vulnerability
Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript. A cross-site scripting vulnerability exists in the data-target attribute of scrollspy in Bootstrap versions prior to 4.1.2. A remote attacker can exploit this vulnerability to inject arbitrary web scrip...
CVE-2018-14041
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy...
Design/Logic Flaw
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy...
CVE-2018-14041
CVE-2018-14041 affects Bootstrap: XSS in the data-target attribute of scrollspy for Bootstrap versions before 4.1.2. The root cause is unvalidated input in data-target, enabling HTML/JS injection. Remediation is to upgrade to Bootstrap 4.1.2 or later (as referenced by Bootstrap’s security note). ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page wit...
CVE-2018-9997
Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page wit...
CVE-2018-9997
Open-Xchange OX App Suite contains an XSS in mail compose that can be exploited via the data-target attribute in a data-toggle gadget. Affected products/versions: OX App Suite < 7.6.3-rev31, 7.8.x < 7.8.2-rev31, 7.8.3 < 7.8.3-rev41, 7.8.4
Open-Xchange App Suite Cross-Site Scripting Vulnerability
Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to more intuitively manage email, tasks, files, etc. Mail compose is one of the mail editing components. A cross-site scripting vulnerability exists in the mail compose...
Cross-site Scripting (XSS)
bootstrap is vulnerable to cross-site scripting (XSS) attacks. The attacks exist because the data-target attribute uses user-supplied input which is then interpreted directly using standard HTML entities encoding...
XSS vulnerability via data-target in bootstrap
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute...
WordPress Users Ultra Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed in the PHP language that supports personal blog sites on servers running PHP and MySQL. Users Ultra is a plugin for creating user communities. The WordPress Users Ultra ratings module wp-admin/admin-ajax.php script fails to adequately filter the...