Lucene search

Getbootstrap Security Vulnerabilities

cve

CVE-2016-10735

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

6.1CVSS

6.2AI Score

0.004EPSS

2019-01-09 05:29 AM

327

cve

CVE-2018-14040

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

6.1CVSS

6.1AI Score

0.008EPSS

2018-07-13 02:29 PM

535

cve

CVE-2018-14041

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.

6.1CVSS

6AI Score

0.004EPSS

2018-07-13 02:29 PM

206

cve

CVE-2018-14042

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

6.1CVSS

6.1AI Score

0.005EPSS

2018-07-13 02:29 PM

401

cve

CVE-2018-20676

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

6.1CVSS

6AI Score

0.003EPSS

2019-01-09 05:29 AM

399

cve

CVE-2018-20677

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

6.1CVSS

6AI Score

0.004EPSS

2019-01-09 05:29 AM

379

cve

CVE-2019-10842

Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the ta...

9.8CVSS

9.8AI Score

0.461EPSS

2019-04-04 04:29 AM

cve

CVE-2019-8331

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

6.1CVSS

5.8AI Score

0.003EPSS

2019-02-20 04:29 PM

1033