cve

CVE-2022-30115

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the...

4.0 CVSS

2022-06-02T14:15:00

veracode

Cross-Site Scripting (XSS)

bootstrap-table is vulnerable to cross-site scripting. The vulnerability exists in onCellHtmlData() when the exportOptions is set to true which allows an attacker to inject and execute maliciously crafted...

3.5 CVSS

2022-05-18T13:56:03

github

Regular expression denial of service in apache shenyu

In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource...

5.0 CVSS

2022-05-18T00:00:47

osv

Regular expression denial of service in apache shenyu

In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource...

5.0 CVSS

2022-05-18T00:00:47

github

Cross-site Scripting in bootstrap-table

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to...

3.5 CVSS

2022-05-17T00:01:42

osv

Cross-site Scripting in bootstrap-table

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to...

3.5 CVSS

2022-05-17T00:01:42

cve

CVE-2022-1726

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to...

3.5 CVSS

2022-05-16T15:15:00

cve

CVE-2022-21476

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.0 CVSS

2022-04-19T21:15:00

cve

CVE-2022-21443

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit...

4.3 CVSS

2022-04-19T21:15:00

cve

CVE-2022-21496

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

5.0 CVSS

2022-04-19T21:15:00

cve

CVE-2022-26624

Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in...

4.3 CVSS

2022-04-08T09:15:00

patchstack

WordPress WS Bootstrap plugin <= 1.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WS Bootstrap plugin (versions <= 1.0.2). Solution No patched version...

2022-02-28T00:00:00

patchstack

WordPress WS Bootstrap plugin <= 1.0.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WS Bootstrap plugin (versions <= 1.0.2). Solution No patched version...

2022-02-28T00:00:00

wpvulndb

Unauthorised AJAX Calls via Freemius

The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated users, such as subscriber could access the debug logs. Unauthenticated attackers could also make a logged in admin toggle...

2022-02-28T00:00:00

cve

CVE-2022-23308

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF...

4.3 CVSS

2022-02-26T05:15:00

github

Cross-site scripting in react-bootstrap-table

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the...

4.3 CVSS

2021-12-10T18:58:49

github

Cross-site Scripting in bootstrap-table

This affects all versions of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is...

4.3 CVSS

2021-11-08T17:54:46

veracode

Cross-site Scripting (XSS)

bootstrap-table is vulnerable to cross-site scripting. Lack of input sanitization in the escapeHTML function of index.js allows an attacker to inject and execute malicious javascript even if the escape attribute is...

4.3 CVSS

2021-11-05T04:45:10

cve

CVE-2021-23472

This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is...

4.3 CVSS

2021-11-03T18:15:00

cve

CVE-2021-40975

Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title...

4.3 CVSS

2021-10-01T16:15:00

affectedSoftware.name:"bootstrap"

CVE-2022-30115

Cross-Site Scripting (XSS)

Regular expression denial of service in apache shenyu

Regular expression denial of service in apache shenyu

Cross-site Scripting in bootstrap-table

Cross-site Scripting in bootstrap-table

CVE-2022-1726

CVE-2022-21476

CVE-2022-21443

CVE-2022-21496

CVE-2022-26624

WordPress WS Bootstrap plugin <= 1.0.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

WordPress WS Bootstrap plugin <= 1.0.2 - Sensitive Information Disclosure vulnerability

Unauthorised AJAX Calls via Freemius

CVE-2022-23308

Cross-site scripting in react-bootstrap-table

Cross-site Scripting in bootstrap-table

Cross-site Scripting (XSS)

CVE-2021-23472

CVE-2021-40975