logo

Database

Reflected cross-site scripting (XSS) In twitter-bootstrap3

Description

Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041.

See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

1-10 of 16

10

Aliases

1. CVE-2016-107352. NVD-2016-107353. OSV-DEBIAN-2016-107354. OSV-2016-107355. GHSA-4p24-vmcr-4gqj6. GCVE-2016-107357. SECURITY-TRACKER-CVE-2016-107358. access.redhat.com9. access.redhat.com10. access.redhat.com11. access.redhat.com12. access.redhat.com13. access.redhat.com14. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2016-10735.yml15. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2016-10735.yml

References

1. https://github.com/Yumeae/Bootstrap-with-XSS2. https://github.com/twbs/bootstrap/issues/27915#issuecomment-4521409063. https://github.com/twbs/bootstrap/issues/201844. https://github.com/twbs/bootstrap/pull/264605. https://github.com/twbs/bootstrap/pull/236876. https://github.com/twbs/bootstrap/pull/236797. https://github.com/github/advisory-database/pull/32818. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2016-10735.yml9. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2016-10735.yml10. https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-011. https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-212. https://github.com/twbs/bootstrap13. https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.