In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
6.1CVSS
6.2AI Score
0.004EPSS
6.1CVSS
6.1AI Score
0.008EPSS
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
6.1CVSS
6AI Score
0.004EPSS
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
6.1CVSS
6.1AI Score
0.005EPSS
6.1CVSS
6AI Score
0.003EPSS
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
6.1CVSS
6AI Score
0.004EPSS
Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the ta...
9.8CVSS
9.8AI Score
0.461EPSS
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
6.1CVSS
5.8AI Score
0.003EPSS