Moderate severityOSV Advisory· Published Jan 9, 2019· Updated Aug 6, 2024
CVE-2016-10735
CVE-2016-10735
Description
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
bootstrapnpm | >= 2.0.4, < 3.4.0 | 3.4.0 |
bootstrapnpm | >= 4.0.0-beta, < 4.0.0-beta.2 | 4.0.0-beta.2 |
org.webjars:bootstrapMaven | >= 2.0.4, < 3.4.0 | 3.4.0 |
org.webjars:bootstrapMaven | >= 4.0.0-beta, < 4.0.0-beta.2 | 4.0.0-beta.2 |
bootstrapRubyGems | < 4.0.0-beta.2 | 4.0.0-beta.2 |
twbs/bootstrapPackagist | >= 2.0.4, < 3.4.0 | 3.4.0 |
twbs/bootstrapPackagist | >= 4.0.0-beta, < 4.0.0-beta.2 | 4.0.0-beta.2 |
bootstrapNuGet | >= 2.0.4, < 3.4.0 | 3.4.0 |
bootstrapNuGet | >= 4.0.0-beta, < 4.0.0-beta.2 | 4.0.0-beta.2 |
bootstrap-sassnpm | >= 2.0.4, < 3.4.0 | 3.4.0 |
bootstrap-sassRubyGems | >= 2.0.4, < 3.4.0 | 3.4.0 |
bootstrap.sassNuGet | >= 4.0.0-beta, < 4.0.0-beta.2 | 4.0.0-beta.2 |
Affected products
50- osv-coords49 versionspkg:apk/chainguard/grafana-10.4pkg:apk/chainguard/grafana-10.4-oci-compatpkg:apk/chainguard/grafana-11.2pkg:apk/chainguard/grafana-11.2-oci-compatpkg:apk/chainguard/grafana-11.3pkg:apk/chainguard/grafana-11.3-oci-compatpkg:apk/chainguard/grafana-11.4pkg:apk/chainguard/grafana-11.4-oci-compatpkg:apk/chainguard/grafana-11.5pkg:apk/chainguard/grafana-11.5-oci-compatpkg:apk/chainguard/grafana-11.6pkg:apk/chainguard/grafana-11.6-oci-compatpkg:apk/chainguard/grafana-fips-11.2pkg:apk/chainguard/grafana-fips-11.2-oci-compatpkg:apk/chainguard/grafana-fips-11.3pkg:apk/chainguard/grafana-fips-11.3-oci-compatpkg:apk/chainguard/grafana-fips-11.4pkg:apk/chainguard/grafana-fips-11.4-oci-compatpkg:apk/chainguard/grafana-fips-11.5pkg:apk/chainguard/grafana-fips-11.5-oci-compatpkg:apk/chainguard/grafana-fips-11.6pkg:apk/chainguard/grafana-fips-11.6-oci-compatpkg:apk/wolfi/grafana-10.4pkg:apk/wolfi/grafana-11.2pkg:apk/wolfi/grafana-11.2-oci-compatpkg:apk/wolfi/grafana-11.3pkg:apk/wolfi/grafana-11.3-oci-compatpkg:apk/wolfi/grafana-11.4pkg:apk/wolfi/grafana-11.4-oci-compatpkg:apk/wolfi/grafana-11.5pkg:apk/wolfi/grafana-11.5-oci-compatpkg:apk/wolfi/grafana-11.6pkg:apk/wolfi/grafana-11.6-oci-compatpkg:composer/twbs/bootstrappkg:gem/bootstrappkg:gem/bootstrap-sasspkg:maven/org.webjars/bootstrappkg:npm/bootstrappkg:npm/bootstrap-sasspkg:nuget/bootstrappkg:nuget/bootstrap.sasspkg:rpm/almalinux/custodiapkg:rpm/almalinux/python3-custodiapkg:rpm/almalinux/python3-jwcryptopkg:rpm/almalinux/python3-kdcproxypkg:rpm/almalinux/python3-pyusbpkg:rpm/almalinux/python3-qrcodepkg:rpm/almalinux/python3-qrcode-corepkg:rpm/almalinux/python3-yubico
< 10.4.19.01-r4+ 48 more
- (no CPE)range: < 10.4.19.01-r4
- (no CPE)range: < 10.4.19.01-r4
- (no CPE)range: < 11.2.10.01-r7
- (no CPE)range: < 11.2.10.01-r7
- (no CPE)range: < 11.3.9-r5
- (no CPE)range: < 11.3.9-r5
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 11.2.10.01-r6
- (no CPE)range: < 11.2.10.01-r6
- (no CPE)range: < 11.3.9-r4
- (no CPE)range: < 11.3.9-r4
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 10.4.19.01-r4
- (no CPE)range: < 11.2.10.01-r7
- (no CPE)range: < 11.2.10.01-r7
- (no CPE)range: < 11.3.9-r5
- (no CPE)range: < 11.3.9-r5
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: >= 2.0.4, < 3.4.0
- (no CPE)range: < 4.0.0-beta.2
- (no CPE)range: >= 2.0.4, < 3.4.0
- (no CPE)range: >= 2.0.4, < 3.4.0
- (no CPE)range: >= 2.0.4, < 3.4.0
- (no CPE)range: >= 2.0.4, < 3.4.0
- (no CPE)range: >= 2.0.4, < 3.4.0
- (no CPE)range: >= 4.0.0-beta, < 4.0.0-beta.2
- (no CPE)range: < 0.6.0-3.module_el8.6.0+2881+2f24dc92
- (no CPE)range: < 0.6.0-3.module_el8.6.0+2881+2f24dc92
- (no CPE)range: < 0.5.0-1.module_el8.5.0+2641+983b221b
- (no CPE)range: < 0.4-5.module_el8.6.0+2881+2f24dc92
- (no CPE)range: < 1.0.0-9.module_el8.5.0+2641+983b221b
- (no CPE)range: < 5.1-12.module_el8.6.0+2881+2f24dc92
- (no CPE)range: < 5.1-12.module_el8.6.0+2737+7e73ea90
- (no CPE)range: < 1.3.2-9.module_el8.5.0+2641+983b221b
Patches
Vulnerability mechanics
References
20- access.redhat.com/errata/RHBA-2019:1076ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHBA-2019:1570ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:1456ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:3023ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0132ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0133ghsavendor-advisoryx_refsource_REDHATWEB
- github.com/advisories/GHSA-4p24-vmcr-4gqjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-10735ghsaADVISORY
- blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2ghsaWEB
- blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0ghsaWEB
- blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/mitrex_refsource_MISC
- github.com/github/advisory-database/pull/3281ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2016-10735.ymlghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2016-10735.ymlghsaWEB
- github.com/twbs/bootstrap/issues/20184ghsax_refsource_MISCWEB
- github.com/twbs/bootstrap/issues/27915ghsax_refsource_MISCWEB
- github.com/twbs/bootstrap/pull/23679ghsax_refsource_MISCWEB
- github.com/twbs/bootstrap/pull/23687ghsax_refsource_MISCWEB
- github.com/twbs/bootstrap/pull/26460ghsax_refsource_MISCWEB
- www.tenable.com/security/tns-2021-14mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.