casey/bootstrap
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| = * | — | — | ||
Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded. | ||||
| = * | — | — | ||
Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded. | ||||
| < 3.4.1, >= 4.3.0, < 4.3.1 | 6.1 MEDIUM | 4.3 MEDIUM | ||
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. | ||||
| < 3.4.0 | — | 4.3 MEDIUM | ||
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. | ||||
| < 3.4.0 | — | 4.3 MEDIUM | ||
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. | ||||
| = 4.0.0, >= 3.0.0, < 3.4.0 | — | 4.3 MEDIUM | ||
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. | ||||
| >= 4.0.0, < 4.1.2, = 4.0.0, < 3.4.0 | — | 4.3 MEDIUM | ||
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. | ||||
| >= 4.0.0, < 4.1.2, = 4.0.0 | — | 4.3 MEDIUM | ||
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. | ||||
| >= 4.0.0, < 4.1.2, = 4.0.0, < 3.4.0 | — | 4.3 MEDIUM | ||
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. | ||||