Astra Linux - уязвимость в twitter-bootstrap3

A security vulnerability has been discovered in Bootstrap that could enable Cross-Site Scripting XSS attacks. The vulnerability is related to the “data-loading-text” attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into this attribute,...

repostat: Reflected Cross-Site Scripting (XSS) via repo prop in RepoCard

Impact The RepoCard component is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name repo prop during the loading state without any sanitization. If a developer using this package passe...

CVE-2026-27612

Repostat is a React component to fetch and display GitHub repository info. Prior to version 1.0.1, the RepoCard component is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name repo pro...

CVE-2026-27612

Repostat is a React component to fetch and display GitHub repository info. Prior to version 1.0.1, the RepoCard component is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name repo pro...

Cross-Site Scripting (XSS)

Bootstrap is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of the data-loading-text attribute in the button plugin, which allows an attacker to inject and execute malicious JavaScript when the button’s loading state is triggered...