CVE-2016-10735Cross-site Scripting in Bootstrap

CWE-79Cross-site Scripting15 documents8 sources
Severity
6.1MEDIUMNVD
EPSS
6.6%
top 8.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Getbootstrap BootstrapTwbs BootstrapBootstrap-sass
Timeline
PublishedJan 9
Latest updateFeb 24

Description

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages7 packages

Packagisttwbs/bootstrap2.0.43.4.0+1
NVDgetbootstrap/bootstrap3.0.03.4.0+1
NuGetgetbootstrap/bootstrap2.0.43.4.0+1
RubyGemsgetbootstrap/bootstrap< 4.0.0-beta.2
npmgetbootstrap/bootstrap2.0.43.4.0+1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
Bootstrap Cross-site Scripting vulnerability2019-01-17
OSV
Bootstrap Cross-site Scripting vulnerability2019-01-17
OSV
CVE-2016-10735: In Bootstrap 32019-01-09
CVEList
CVE-2016-10735: In Bootstrap 32019-01-09

📋Vendor Advisories

3
CISA ICS
Mitsubishi Electric EcoWebServerIII2022-02-24
Red Hat
bootstrap: XSS in the data-target attribute2016-06-27
Debian
CVE-2016-10735: twitter-bootstrap3 - In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible ...2016

💬Community

7
Bugzilla
CVE-2016-10735 python-XStatic-Bootstrap-SCSS: bootstrap: XSS in the data-target attribute [epel-7]2019-01-29
Bugzilla
CVE-2016-10735 python-XStatic-Bootstrap-SCSS: bootstrap: XSS in the data-target attribute [openstack-rdo]2019-01-29
Bugzilla
CVE-2016-10735 rubygem-bootstrap-sass: bootstrap: XSS in the data-target attribute [fedora-all]2019-01-29
Bugzilla
CVE-2016-10735 python-XStatic-Bootstrap-SCSS: bootstrap: XSS in the data-target attribute [fedora-all]2019-01-29
Bugzilla
CVE-2016-10735 python-XStatic-Bootstrap-SCSS: bootstrap: XSS in the data-target attribute [epel-7]2019-01-21
CVE-2016-10735 — Cross-site Scripting in Bootstrap | cvebase