casey/bootstrap

casey/bootstrap

Releases0
Stars1
Invoke `x.py` slightly more conveniently

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
= *

Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.

= *

Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.

< 3.4.1, >= 4.3.0, < 4.3.16.1 MEDIUM4.3 MEDIUM

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

< 3.4.04.3 MEDIUM

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

< 3.4.04.3 MEDIUM

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

= 4.0.0, >= 3.0.0, < 3.4.04.3 MEDIUM

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

>= 4.0.0, < 4.1.2, = 4.0.0, < 3.4.04.3 MEDIUM

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

>= 4.0.0, < 4.1.2, = 4.0.04.3 MEDIUM

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.

>= 4.0.0, < 4.1.2, = 4.0.0, < 3.4.04.3 MEDIUM

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.