Twbs
Products
2- 8 CVEs
- 1 CVE
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10842 | Cri | 0.64 | 9.8 | 0.05 | Apr 4, 2019 | Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute… | ||
| CVE-2024-6485 | Med | 0.42 | 6.4 | 0.00 | Jul 11, 2024 | A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript… | ||
| CVE-2025-1647 | Med | 0.36 | 5.6 | 0.00 | May 15, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0. | ||
| CVE-2019-8331 | Med | 0.34 | 6.1 | 0.17 | Feb 20, 2019 | In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. | ||
| CVE-2018-20677 | Med | 0.33 | 6.1 | 0.04 | Jan 9, 2019 | In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. | ||
| CVE-2018-20676 | Med | 0.33 | 6.1 | 0.04 | Jan 9, 2019 | In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. | ||
| CVE-2016-10735 | Med | 0.33 | 6.1 | 0.04 | Jan 9, 2019 | In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. |
- risk 0.64cvss 9.8epss 0.05
Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute…
- risk 0.42cvss 6.4epss 0.00
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript…
- risk 0.36cvss 5.6epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0.
- risk 0.34cvss 6.1epss 0.17
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
- risk 0.33cvss 6.1epss 0.04
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
- risk 0.33cvss 6.1epss 0.04
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
- risk 0.33cvss 6.1epss 0.04
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.