Search CVE reports
1 – 10 of 11 results
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0.
1 affected package
twitter-bootstrap3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| twitter-bootstrap3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security...
2 affected packages
twitter-bootstrap3, twitter-bootstrap4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| twitter-bootstrap3 | Not affected | Not affected | Not affected | Not affected |
| twitter-bootstrap4 | Fixed | Fixed | Fixed | — |
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can...
1 affected package
twitter-bootstrap3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| twitter-bootstrap3 | Fixed | Fixed | Fixed | Fixed |
Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security...
2 affected packages
twitter-bootstrap3, twitter-bootstrap4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| twitter-bootstrap3 | Fixed | Fixed | Fixed | Fixed |
| twitter-bootstrap4 | Not affected | Not affected | Not affected | — |
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
3 affected packages
twitter-bootstrap, twitter-bootstrap3, twitter-bootstrap4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| twitter-bootstrap | Not in release | Not in release | Not in release | Needs evaluation |
| twitter-bootstrap3 | Not affected | Not affected | Not affected | Vulnerable |
| twitter-bootstrap4 | Not affected | Not affected | Not affected | Not in release |
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
3 affected packages
twitter-bootstrap, twitter-bootstrap3, twitter-bootstrap4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| twitter-bootstrap | Not in release | Not in release | Not in release | Needs evaluation |
| twitter-bootstrap3 | Not affected | Not affected | Not affected | Vulnerable |
| twitter-bootstrap4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
3 affected packages
twitter-bootstrap, twitter-bootstrap4, twitter-bootstrap3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| twitter-bootstrap | Not in release | Not in release | Not in release | Needs evaluation |
| twitter-bootstrap4 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| twitter-bootstrap3 | Not affected | Not affected | Not affected | Vulnerable |
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
2 affected packages
twitter-bootstrap, twitter-bootstrap3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| twitter-bootstrap | Not in release | Not in release | Not in release | Needs evaluation |
| twitter-bootstrap3 | Not affected | Not affected | Not affected | Vulnerable |
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
2 affected packages
twitter-bootstrap, twitter-bootstrap3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| twitter-bootstrap | — | — | — | Not affected |
| twitter-bootstrap3 | — | — | — | Not affected |
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
2 affected packages
twitter-bootstrap, twitter-bootstrap3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| twitter-bootstrap | Not in release | Not in release | Not in release | Needs evaluation |
| twitter-bootstrap3 | Not affected | Not affected | Not affected | Vulnerable |