
58 matches found

GitLab Advisory Database
added 2019/01/09 12:0 a.m. · 56 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...

6.1 CVSS · 2 AI score · 0.04293 EPSS
Exploits 2 · References 2 · Affected Software 1
Positive Technologies
added 2019/01/09 12:0 a.m. · 8 views

PT-2019-7534 · Twitter +4 · Bootstrap +4

Name of the Vulnerable Software and Affected Versions:
Bootstrap versions 2.0.4 through 3.x before 3.4.0
Bootstrap versions 4.x-beta before 4.0.0-beta.2
Description: XSS is possible in the data-target attribute. This issue is different from other known vulnerabilities.
Recommendations: For...

9.8 CVSS · 6.3 AI score · 0.9927 EPSS
Exploits 66 · References 251
OSV
added 2018/11/28 5:32 p.m. · 5 views

DRUPAL-CONTRIB-2018-074

This base theme bridges the gap between Drupal and the Bootstrap Framework. The theme doesn't sufficiently filter valid targets under the scenario of opening modals, popovers, and tooltips. This vulnerability is mitigated by the fact that an attacker must already have the ability to either: 1...

6.2 AI score
Exploits 0 · References 1
OSV
added 2018/09/13 3:49 p.m. · 4 views

GHSA-PJ7M-G53M-7638 Bootstrap Cross-site Scripting vulnerability

In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042...

6.1 CVSS · 6.7 AI score · 0.04293 EPSS
Exploits 1 · References 23
Github Security Blog
added 2018/09/13 3:49 p.m. · 484 views

Bootstrap Cross-site Scripting vulnerability

In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042...

6.1 CVSS · 6.3 AI score · 0.04293 EPSS
Exploits 1 · References 23 · Affected Software 6
CNVD
added 2018/07/17 12:0 a.m. · 8 views

Bootstrap Cross-Site Scripting Vulnerability

Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript. A cross-site scripting vulnerability exists in the data-target attribute of scrollspy in Bootstrap versions prior to 4.1.2. A remote attacker can exploit this vulnerability to inject arbitrary web scrip...

6.1 CVSS · 6.2 AI score · 0.04293 EPSS
Exploits 1 · References 1
NVD
added 2018/07/13 2:29 p.m. · 22 views

CVE-2018-14041

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy...

6.1 CVSS · 6.2 AI score · 0.04293 EPSS
Exploits 1 · References 17
Prion
added 2018/07/13 2:29 p.m. · 36 views

Design/Logic Flaw

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy...

4.3 CVSS · 6 AI score · 0.04293 EPSS
Exploits 1 · References 17 · Affected Software 1
OSV
added 2018/07/13 2:29 p.m. · 43 views

CVE-2018-14041

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 17
UbuntuCve
added 2018/07/13 2:29 p.m. · 47 views

CVE-2018-14041

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy...

6.1 CVSS · 6.7 AI score · 0.04293 EPSS
Exploits 1 · References 5
CVE
added 2018/07/13 2:0 p.m. · 508 views

CVE-2018-14041

CVE-2018-14041 affects Bootstrap: XSS in the data-target attribute of scrollspy for Bootstrap versions before 4.1.2. The root cause is unvalidated input in data-target, enabling HTML/JS injection. Remediation is to upgrade to Bootstrap 4.1.2 or later (as referenced by Bootstrap’s security note). ...

6.1 CVSS · 6 AI score · 0.04293 EPSS
Exploits 1 · References 17 · Affected Software 1
Prion
added 2018/07/05 8:29 p.m. · 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page wit...

4.3 CVSS · 6 AI score · 0.01867 EPSS
Exploits 3 · References 3 · Affected Software 1
OSV
added 2018/07/05 8:29 p.m. · 2 views

CVE-2018-9997

Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page wit...

6.1 CVSS · 5.9 AI score
Exploits 0 · References 3
CVE
added 2018/07/05 8:0 p.m. · 65 views

CVE-2018-9997

Open-Xchange OX App Suite contains an XSS in mail compose that can be exploited via the data-target attribute in a data-toggle gadget. Affected products/versions: OX App Suite < 7.6.3-rev31, 7.8.x < 7.8.2-rev31, 7.8.3 < 7.8.3-rev41, 7.8.4

6.1 CVSS · 6 AI score · 0.01867 EPSS
Exploits 3 · References 3 · Affected Software 1
CNVD
added 2018/07/03 12:0 a.m. · 3 views

Open-Xchange App Suite Cross-Site Scripting Vulnerability

Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to more intuitively manage email, tasks, files, etc. mail compose is one of the mail editing components. A cross-site scripting vulnerability exists in the mail compose...

6.1 CVSS · 5.8 AI score · 0.01867 EPSS
Exploits 3 · References 1
Veracode
added 2017/05/15 2:16 a.m. · 207 views

Cross-site Scripting (XSS)

bootstrap is vulnerable to cross-site scripting (XSS) attacks. The attacks exist because the data-target attribute uses user-supplied input which is then interpreted directly using standard HTML entities encoding...

6.1 CVSS · 5.5 AI score · 0.0404 EPSS
Exploits 1 · References 13 · Affected Software 10
RubySec
added 2016/07/27 12:0 a.m. · 39 views

XSS vulnerability via data-target in bootstrap

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute...

6.1 CVSS · 2.9 AI score · 0.0404 EPSS
Exploits 1 · References 1 · Affected Software 1
CNVD
added 2015/06/10 12:0 a.m. · 5 views

WordPress Users Ultra Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed in the PHP language that supports personal blog sites on servers running PHP and MySQL. Users Ultra is a plugin for creating user communities. The WordPress Users Ultra ratings module wp-admin/admin-ajax.php script fails to adequately filter the...

7.5 CVSS · 7.4 AI score · 0.02364 EPSS
Exploits 2 · References 1