Vulnerabilities (CVE)

Filtered by vendor Getbootstrap Subscribe
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-8331 4 F5, Getbootstrap, Redhat and 1 more 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more 2022-05-16 4.3 MEDIUM 6.1 MEDIUM
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVE-2018-20677 1 Getbootstrap 1 Bootstrap 2021-07-22 4.3 MEDIUM 6.1 MEDIUM
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CVE-2018-20676 1 Getbootstrap 1 Bootstrap 2021-07-22 4.3 MEDIUM 6.1 MEDIUM
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CVE-2016-10735 1 Getbootstrap 1 Bootstrap 2021-07-22 4.3 MEDIUM 6.1 MEDIUM
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CVE-2018-14042 1 Getbootstrap 1 Bootstrap 2021-07-22 4.3 MEDIUM 6.1 MEDIUM
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CVE-2018-14040 2 Debian, Getbootstrap 2 Debian Linux, Bootstrap 2021-07-22 4.3 MEDIUM 6.1 MEDIUM
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CVE-2018-14041 1 Getbootstrap 1 Bootstrap 2021-06-14 4.3 MEDIUM 6.1 MEDIUM
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CVE-2019-10842 1 Getbootstrap 1 Bootstrap-sass 2019-04-11 10.0 HIGH 9.8 CRITICAL
Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the target system. Note that there are three underscore characters in the cookie name. This is unrelated to the __cfduid cookie that is legitimately used by Cloudflare.