Getbootstrap: >> Bootstrap Security Vulnerabilities
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-07-11
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
CVSS Score
6.4
EPSS Score
0.0
Published
2024-07-11
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVSS Score
6.1
EPSS Score
0.023
Published
2019-02-20
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CVSS Score
6.1
EPSS Score
0.055
Published
2019-01-09
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CVSS Score
6.1
EPSS Score
0.132
Published
2019-01-09
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CVSS Score
6.1
EPSS Score
0.062
Published
2019-01-09
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CVSS Score
6.1
EPSS Score
0.016
Published
2018-07-13
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CVSS Score
6.1
EPSS Score
0.068
Published
2018-07-13
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CVSS Score
6.1
EPSS Score
0.017
Published
2018-07-13