CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4576 – Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-4576
24 Dec 2022 — The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. El complemento Easy Bootstrap Shortcode de WordPress hasta 4.5.4 no valida ni escapa algunos de sus atributos de shortcode antes de devolverlos a la página, lo que podría permitir... • https://wpscan.com/vulnerability/0d679e0e-891b-44f1-ac7f-a766e12956e0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43471 – WP Bootstrap Gallery <= 1.1 - Missing Authorization
https://notcve.org/view.php?id=CVE-2022-43471
28 Oct 2022 — The WP Bootstrap Gallery plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_get_wpbgallery_update_imagetitle function in versions up to, and including, 1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update titles of arbitrary posts. • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35213
https://notcve.org/view.php?id=CVE-2022-35213
18 Aug 2022 — Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php. Se ha detectado que Ecommerce-CodeIgniter-Bootstrap versiones anteriores al commit 56465f, contenía una vulnerabilidad de tipo cross-site scripting (XSS) por medio de la función base_url() en el archivo /blog/blogpublish.php. • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/56465fb6a83aaa934a76615a8579100938b790a1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1726 – Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in wenzhixin/bootstrap-table
https://notcve.org/view.php?id=CVE-2022-1726
16 May 2022 — Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties. Una vulnerabilidad de tipo XSS en Bootstrap Tables con el plugin Table Export cuando exportOptions: htmlContent es true en el repositorio de GitHub wenzhixin/bootstrap-table versiones anteriores a 1.20.2. Divulgación de cookies de sesión, divulgación ... • https://github.com/wenzhixin/bootstrap-table/commit/b4a1e5dd332be652e0bc376fd9256886cf4bbde9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26624
https://notcve.org/view.php?id=CVE-2022-26624
08 Apr 2022 — Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php. Se ha detectado que Bootstrap versiones v3.1.11 y v3.3.7, contienen una vulnerabilidad de tipo cross-site scripting (XSS) por medio del parámetro Title en el archivo /vendor/views/add_product.php • https://drive.google.com/file/d/1Dp0dD9PNcwamjRi0ldD0hUOEivu48SR6/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 6CVE-2021-23472 – Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-23472
03 Nov 2021 — This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set. Esto afecta a las versiones anteriores a la 1.19.1 del paquete bootstrap-table. Una vulnerabilidad de confusión de tipos puede llevar a una evasión de la sanitización de la entrada cuando la entrada proporcionada a la función escapeHTML es un array (en... • https://github.com/wenzhixin/bootstrap-table/blob/develop/src/utils/index.js%23L218 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40975
https://notcve.org/view.php?id=CVE-2021-40975
01 Oct 2021 — Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo application/modules/admin/views/ecommerce/products.php en Ecommerce-CodeIgniter-Bootstrap (Codeigniter versión 3.1.11, Bootstrap versión 3.3.7) permiten a atacantes remotos inye... • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/blob/c546a716ba56e8e33b3a5def1c18a6d89c3608f5/application/modules/admin/views/ecommerce/products.php#L37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2021-23398 – Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-23398
24 Jun 2021 — All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output. Todas las versiones del paquete react-bootstrap-table son vulnerables a ataques de tipo Cross-site Scripting (XSS) por medio del parámetro dataFormat. El problema es desencadenado cuando se devuelve un elemento React no válido, conllevando ... • https://github.com/AllenFang/react-bootstrap-table/blob/26d07defab759e4f9bce22d1d568690830b8d9d7/src/TableBody.js%23L114-L118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25086
https://notcve.org/view.php?id=CVE-2020-25086
03 Sep 2020 — Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/adminUsers.php. Ecommerce-CodeIgniter-Bootstrap antes del 03-08-2020, permite un ataque de tipo XSS en el archivo application/modules/admin/views/advanced_settings/adminUsers.php • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/7c3c32d6526268b1c78d6d5741361e79292e9c22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25087
https://notcve.org/view.php?id=CVE-2020-25087
03 Sep 2020 — Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/languages.php. Ecommerce-CodeIgniter-Bootstrap antes del 03-08-2020, permite un ataque de tipo XSS en el archivo application/modules/admin/views/advanced_settings/languages.php • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/7c3c32d6526268b1c78d6d5741361e79292e9c22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •