First published: Mon Jun 27 2016(Updated: )
Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the data-target attribute. A remote attacker could exploit this vulnerability to execute script in a victim''s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/ansible-runner | <0:1.3.4-2.el8a | 0:1.3.4-2.el8a |
redhat/ansible-tower | <0:3.5.2-1.el8a | 0:3.5.2-1.el8a |
redhat/cfme | <0:5.11.0.28-1.el8cf | 0:5.11.0.28-1.el8cf |
redhat/cfme-amazon-smartstate | <0:5.11.0.28-1.el8cf | 0:5.11.0.28-1.el8cf |
redhat/cfme-appliance | <0:5.11.0.28-1.el8cf | 0:5.11.0.28-1.el8cf |
redhat/cfme-gemset | <0:5.11.0.28-1.el8cf | 0:5.11.0.28-1.el8cf |
redhat/ovirt-ansible-cluster-upgrade | <0:1.1.13-1.el8e | 0:1.1.13-1.el8e |
redhat/ovirt-ansible-disaster-recovery | <0:1.2.0-1.el8e | 0:1.2.0-1.el8e |
redhat/ovirt-ansible-engine-setup | <0:1.1.9-1.el8e | 0:1.1.9-1.el8e |
redhat/ovirt-ansible-hosted-engine-setup | <0:1.0.26-1.el8e | 0:1.0.26-1.el8e |
redhat/ovirt-ansible-image-template | <0:1.1.11-1.el8e | 0:1.1.11-1.el8e |
redhat/ovirt-ansible-infra | <0:1.1.12-1.el8e | 0:1.1.12-1.el8e |
redhat/ovirt-ansible-manageiq | <0:1.1.14-1.el8e | 0:1.1.14-1.el8e |
redhat/ovirt-ansible-repositories | <0:1.1.5-1.el8e | 0:1.1.5-1.el8e |
redhat/ovirt-ansible-roles | <0:1.1.7-2.el8e | 0:1.1.7-2.el8e |
redhat/ovirt-ansible-shutdown-env | <0:1.0.3-1.el8e | 0:1.0.3-1.el8e |
redhat/ovirt-ansible-vm-infra | <0:1.1.19-1.el8e | 0:1.1.19-1.el8e |
redhat/prince | <0:12.4-1.el8cf | 0:12.4-1.el8cf |
redhat/python3-ovirt-engine-sdk4 | <0:4.3.2-1.el8e | 0:4.3.2-1.el8e |
redhat/python-bambou | <0:3.0.1-2.el8cf | 0:3.0.1-2.el8cf |
redhat/python-colorama | <0:0.4.1-1.el8 | 0:0.4.1-1.el8 |
redhat/python-daemon | <0:2.1.2-9.el8a | 0:2.1.2-9.el8a |
redhat/python-funcsigs | <0:1.0.2-3.el8 | 0:1.0.2-3.el8 |
redhat/python-future | <0:0.16.0-1.el8cf | 0:0.16.0-1.el8cf |
redhat/python-lockfile | <1:0.11.0-8.el8a | 1:0.11.0-8.el8a |
redhat/python-mock | <0:2.0.0-11.el8 | 0:2.0.0-11.el8 |
redhat/python-pbr | <0:5.1.2-2.el8 | 0:5.1.2-2.el8 |
redhat/python-pexpect | <0:4.6-2.el8a | 0:4.6-2.el8a |
redhat/python-psutil | <0:5.4.3-5.el8a | 0:5.4.3-5.el8a |
redhat/python-pylxca | <0:2.1.1-2.el8cf | 0:2.1.1-2.el8cf |
redhat/python-requests-toolbelt | <0:0.8.0-2.el8cf | 0:0.8.0-2.el8cf |
redhat/python-tabulate | <0:0.8.2-1.el8cf | 0:0.8.2-1.el8cf |
redhat/python-vspk | <0:5.3.2-2.el8cf | 0:5.3.2-2.el8cf |
redhat/qpid-proton | <0:0.28.0-1.el8 | 0:0.28.0-1.el8 |
redhat/repmgr10 | <0:4.0.6-3.el8cf | 0:4.0.6-3.el8cf |
redhat/rubygem-bcrypt | <0:3.1.13-1.el8cf | 0:3.1.13-1.el8cf |
redhat/rubygem-byebug | <0:11.0.1-1.el8cf | 0:11.0.1-1.el8cf |
redhat/rubygem-ffi | <0:1.9.25-1.el8cf | 0:1.9.25-1.el8cf |
redhat/rubygem-hamlit | <0:2.8.10-1.el8cf | 0:2.8.10-1.el8cf |
redhat/rubygem-nio4r | <0:2.4.0-1.el8cf | 0:2.4.0-1.el8cf |
redhat/rubygem-nokogiri | <0:1.8.5-1.el8cf | 0:1.8.5-1.el8cf |
redhat/rubygem-ovirt-engine-sdk4 | <0:4.3.0-1.el8cf | 0:4.3.0-1.el8cf |
redhat/rubygem-puma | <0:3.7.1-1.el8cf | 0:3.7.1-1.el8cf |
redhat/rubygem-rugged | <0:0.28.2-1.el8cf | 0:0.28.2-1.el8cf |
redhat/rubygem-sassc | <0:2.0.1-1.el8cf | 0:2.0.1-1.el8cf |
redhat/rubygem-sqlite3 | <0:1.3.13-2.el8cf | 0:1.3.13-2.el8cf |
redhat/rubygem-surro-gate | <0:1.0.5-1.el8cf | 0:1.0.5-1.el8cf |
redhat/rubygem-websocket-driver | <0:0.6.5-1.el8cf | 0:0.6.5-1.el8cf |
redhat/smem | <0:1.4-1.el8cf | 0:1.4-1.el8cf |
redhat/v2v-conversion-host | <0:1.14.2-1.el8e | 0:1.14.2-1.el8e |
redhat/wmi | <0:1.3.14-8.el8cf | 0:1.3.14-8.el8cf |
redhat/ipa | <0:4.6.8-5.el7 | 0:4.6.8-5.el7 |
redhat/eap7-hal-console | <0:3.3.16-1.Final_redhat_00001.1.el8ea | 0:3.3.16-1.Final_redhat_00001.1.el8ea |
redhat/eap7-hal-console | <0:3.3.16-1.Final_redhat_00001.1.el9ea | 0:3.3.16-1.Final_redhat_00001.1.el9ea |
redhat/eap7-hal-console | <0:3.3.16-1.Final_redhat_00001.1.el7ea | 0:3.3.16-1.Final_redhat_00001.1.el7ea |
redhat/ovirt-engine-api-explorer | <0:0.0.4-1.el7e | 0:0.0.4-1.el7e |
redhat/ovirt-engine-api-explorer | <0:0.0.5-1.el7e | 0:0.0.5-1.el7e |
redhat/ovirt-engine-ui-extensions | <0:1.0.10-1.el7e | 0:1.0.10-1.el7e |
Getbootstrap Bootstrap | >=3.0.0<3.4.0 | |
Getbootstrap Bootstrap | =4.0.0-beta | |
redhat/bootstrap | <3.4.0 | 3.4.0 |
redhat/bootstrap | <4.0.0 | 4.0.0 |
npm/bootstrap | >=2.0.4<3.4.0 | 3.4.0 |
npm/bootstrap | >=4.0.0-beta<4.0.0-beta.2 | 4.0.0-beta.2 |
nuget/bootstrap.sass | >=4.0.0-beta<4.0.0-beta.2 | 4.0.0-beta.2 |
rubygems/bootstrap-sass | >=2.0.4<3.4.0 | 3.4.0 |
npm/bootstrap-sass | >=2.0.4<3.4.0 | 3.4.0 |
nuget/bootstrap | >=4.0.0-beta<4.0.0-beta.2 | 4.0.0-beta.2 |
nuget/bootstrap | >=2.0.4<3.4.0 | 3.4.0 |
composer/twbs/bootstrap | >=4.0.0-beta<4.0.0-beta.2 | 4.0.0-beta.2 |
composer/twbs/bootstrap | >=2.0.4<3.4.0 | 3.4.0 |
rubygems/bootstrap | <4.0.0-beta.2 | 4.0.0-beta.2 |
maven/org.webjars:bootstrap | >=4.0.0-beta<4.0.0-beta.2 | 4.0.0-beta.2 |
maven/org.webjars:bootstrap | >=2.0.4<3.4.0 | 3.4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)