CVE-2016-10735
MEDIUM severity · CVSS 6.1 · Cross-site scripting (XSS)
6.1CVSS MEDIUM
Summary
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionRequired
Confidentiality impactLow
Integrity impactLow
Availability impactNone
Exploit probability (EPSS)4%
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- https://access.redhat.com/errata/RHBA-2019:1076
- https://access.redhat.com/errata/RHBA-2019:1570
- https://access.redhat.com/errata/RHSA-2019:1456
- https://access.redhat.com/errata/RHSA-2019:3023
- https://access.redhat.com/errata/RHSA-2020:0132
- https://access.redhat.com/errata/RHSA-2020:0133
- https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/Advisory
- https://github.com/twbs/bootstrap/issues/20184Advisory