Bootstrap Security Vulnerabilities and Issues — Bootstrap CVE List

GetbootstrapBootstrap

7 matches found

CVE•added 2019/02/20 4:0 p.m.•1506 views

CVE-2019-8331

CVE-2019-8331 affects Bootstrap: XSS in tooltip/popover data-template attribute observed in Bootstrap 3.4.1 and 4.3.x before 4.3.1. The underlying issue is an input that can inject script into a client browser when the vulnerable template is rendered. Affected versions include Bootstrap 3.x prior...

6.1CVSS5.8AI score0.01668EPSS

CVE•added 2018/07/13 2:0 p.m.•829 views

CVE-2018-14040

CVE-2018-14040 affects Bootstrap prior to 4.1.2, where an XSS vulnerability exists in the collapse data-parent attribute. The root cause is HTML/script-injection via the collapse component’s data-parent handling. The vulnerability impacts Bootstrap-based implementations using collapse and can lea...

6.1CVSS6.1AI score0.01972EPSS

CVE•added 2019/01/09 5:0 a.m.•681 views

CVE-2018-20676

CVE-2018-20676 affects Bootstrap 3.x up to 3.4.0, where XSS is possible via the tooltip data-viewport attribute due to unsafe handling of input. Affected component: tooltip data-viewport. Impact stated: cross-site scripting with potential partial integrity impact; no exploitation details provided...

6.1CVSS6AI score0.05541EPSS

CVE•added 2018/07/13 2:0 p.m.•668 views

CVE-2018-14042

CVE-2018-14042 refers to Bootstrap prior to 4.1.2 where the data-container property used by tooltips can trigger cross-site scripting (XSS). The vulnerability arises in the tooltip component’s handling of the data-container attribute, enabling injection of arbitrary HTML/JS when the affected Boot...

6.1CVSS6.1AI score0.02281EPSS

CVE•added 2019/01/09 5:0 a.m.•535 views

CVE-2018-20677

Bootstrap before 3.4.0 is vulnerable to cross-site scripting via the affix configuration target property due to improper handling of input in that attribute. The issue enables XSS in the affected component, and the condition is described as existing in Bootstrap 3.x prior to 3.4.0. Public referen...

6.1CVSS6AI score0.09805EPSS

CVE•added 2019/01/09 5:0 a.m.•521 views

CVE-2016-10735

CVE-2016-10735 affects Bootstrap 3.x prior to 3.4.0 and 4.x-beta prior to 4.0.0-beta.2, enabling cross-site scripting via the data-target attribute. This is a distinct issue from CVE-2018-14041. The vulnerability arises from improper handling of data-target, allowing injected scripts/HTML through...

6.1CVSS6.2AI score0.05337EPSS

CVE•added 2018/07/13 2:0 p.m.•388 views

CVE-2018-14041

CVE-2018-14041 affects Bootstrap: XSS in the data-target attribute of scrollspy for Bootstrap versions before 4.1.2. The root cause is unvalidated input in data-target, enabling HTML/JS injection. Remediation is to upgrade to Bootstrap 4.1.2 or later (as referenced by Bootstrap’s security note). ...

6.1CVSS6AI score0.07723EPSS