6 matches found
Cross-site Scripting (XSS)
Overview org.webjars:bootstrap is a WebJar for Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page generation. An attacker can manipulate the output of web pages by...
Cross-site Scripting (XSS)
Overview org.webjars.bowergithub.twbs:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page...
Bruno 安全漏洞
Bruno is an open source IDE for exploring and testing Api by usebruno open source. A security vulnerability exists in Bruno versions prior to 1.39.1 that stems from a custom tooltip component that could lead to a cross-site scripting attack...
Cross-Site Scripting in nextcloud-vue-collections
Versions of nextcloud-vue-collections prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The v-tooltip component has an insecure defaultHTML configuration that allows arbitrary JavaScript to be injected in the tooltip of a collection item. This allows attackers to execute arbitrary code i...
Cross-Site Scripting
Overview All versions of materialize-css are vulnerable to Cross-Site Scripting. The tooltip component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation No fix is currently available...
GHSA-98F7-P5RC-JX67 Materialize-css vulnerable to Cross-site Scripting in tooltip component
All versions of materialize-css are vulnerable to Cross-Site Scripting. The tooltip component does not sufficiently sanitize user input, allowing an attacker to execute arbitrary JavaScript code if the malicious input is rendered by a user. Recommendation No fix is currently available. Consider...