← back
CVE-2016-10735

CVE-2016-10735

EPSS 4.0%
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHBA-2019:1076https://access.redhat.com/errata/RHBA-2019:1570https://access.redhat.com/errata/RHSA-2019:1456https://access.redhat.com/errata/RHSA-2019:3023https://access.redhat.com/errata/RHSA-2020:0132https://access.redhat.com/errata/RHSA-2020:0133https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/https://github.com/twbs/bootstrap/issues/20184https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906https://github.com/twbs/bootstrap/pull/23679https://github.com/twbs/bootstrap/pull/23687https://github.com/twbs/bootstrap/pull/26460