Shodan
Vulnerabilities
Vulnerable Software
Getbootstrap:  Security Vulnerabilities
CVE-2024-6531
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-07-11
CVE-2024-6484
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
CVSS Score
6.4
EPSS Score
0.0
Published
2024-07-11
CVE-2019-10842
Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the target system. Note that there are three underscore characters in the cookie name. This is unrelated to the __cfduid cookie that is legitimately used by Cloudflare.
CVSS Score
9.8
EPSS Score
0.118
Published
2019-04-04
CVE-2019-8331
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVSS Score
6.1
EPSS Score
0.023
Published
2019-02-20
CVE-2018-20676
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CVSS Score
6.1
EPSS Score
0.063
Published
2019-01-09
CVE-2018-20677
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CVSS Score
6.1
EPSS Score
0.148
Published
2019-01-09
CVE-2016-10735
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CVSS Score
6.1
EPSS Score
0.062
Published
2019-01-09
CVE-2018-14040
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CVSS Score
6.1
EPSS Score
0.016
Published
2018-07-13
CVE-2018-14041
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CVSS Score
6.1
EPSS Score
0.079
Published
2018-07-13
CVE-2018-14042
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CVSS Score
6.1
EPSS Score
0.017
Published
2018-07-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved