Getbootstrap

getbootstrap

8 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-10842 1Getbootstrap 1Bootstrap Sass Nov 21, 2024 Apr 4, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be...Show more Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the target system. Note that there are three underscore characters in the cookie name. This is unrelated to the __cfduid cookie that is legitimately used by Cloudflare.Show less
CVE-2019-8331 4F5 GetbootstrapRedhat+1 more 16Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Analytics+13 more Nov 21, 2024 Feb 20, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVE-2018-20677 1Getbootstrap 1Bootstrap Nov 21, 2024 Jan 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CVE-2018-20676 1Getbootstrap 1Bootstrap Nov 21, 2024 Jan 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CVE-2016-10735 1Getbootstrap 1Bootstrap Nov 21, 2024 Jan 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CVE-2018-14042 1Getbootstrap 1Bootstrap Nov 21, 2024 Jul 13, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CVE-2018-14041 1Getbootstrap 1Bootstrap Nov 21, 2024 Jul 13, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CVE-2018-14040 2Debian Getbootstrap 2Bootstrap Debian Linux Nov 21, 2024 Jul 13, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.