CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6485 – XSS in Bootstrap button component
https://notcve.org/view.php?id=CVE-2024-6485
11 Jul 2024 — A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered. A vulnerability was found in bootstrap associated with the data-loading-text attribute within the button plugin. This vulnerability all... • https://www.herodevs.com/vulnerability-directory/cve-2024-6485 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6484 – XSS in Bootstrap carousel component
https://notcve.org/view.php?id=CVE-2024-6484
11 Jul 2024 — A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. • https://www.herodevs.com/vulnerability-directory/cve-2024-6484 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 56EXPL: 3CVE-2019-8331 – bootstrap: XSS in the tooltip or popover data-template attribute
https://notcve.org/view.php?id=CVE-2019-8331
20 Feb 2019 — In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. En Bootstrap, en versiones anteriores a la 3.4.1 y versiones 4.3.x anteriores a la 4.3.1, es posible Cross-Site Scripting (XSS) en los atributos de data-template tooltip o popover. A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popov... • https://github.com/Thampakon/CVE-2019-8331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 6%CPEs: 2EXPL: 2CVE-2016-10735 – bootstrap: XSS in the data-target attribute
https://notcve.org/view.php?id=CVE-2016-10735
09 Jan 2019 — In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. En las versiones de Bootstrap anteriores a la 3.4.0 y en las 4.x-beta anteriores a la 4.0.0-beta.2, Cross-Site Scripting (XSS) es posible en el atributo "data-target". Se trata de una vulnerabilidad diferente de CVE-2018-14041. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. T... • https://github.com/ossf-cve-benchmark/CVE-2016-10735 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 13%CPEs: 1EXPL: 2CVE-2018-20677 – bootstrap: XSS in the affix configuration target property
https://notcve.org/view.php?id=CVE-2018-20677
09 Jan 2019 — In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. En Bootstrap, en versiones anteriores a la 3.4.0, Cross-Site Scripting (XSS) es posible en la propiedad "affix" en la configuración. A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the h... • https://github.com/ossf-cve-benchmark/CVE-2018-20677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 4%CPEs: 1EXPL: 1CVE-2018-20676 – bootstrap: XSS in the tooltip data-viewport attribute
https://notcve.org/view.php?id=CVE-2018-20676
09 Jan 2019 — In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. En Bootstrap, en versiones anteriores a la 3.4.0, Cross-Site Scripting (XSS) es posible en el atributo "data-viewport". A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, whi... • https://github.com/ossf-cve-benchmark/CVE-2018-20676 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 11EXPL: 3CVE-2018-14042 – bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
https://notcve.org/view.php?id=CVE-2018-14042
13 Jul 2018 — In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. En Bootstrap en versiones anteriores a la 4.1.2, es posible Cross-Site Scripting (XSS) en la propiedad data-container de tooltip. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixe... • https://github.com/ossf-cve-benchmark/CVE-2018-14042 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 12EXPL: 3CVE-2018-14040 – bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
https://notcve.org/view.php?id=CVE-2018-14040
13 Jul 2018 — In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. En Bootstrap en versiones anteriores a la 4.1.2, es posible Cross-Site Scripting (XSS) en el atributo collapse data-parent. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enha... • https://github.com/ossf-cve-benchmark/CVE-2018-14040 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •