Description
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Packages
| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| twitter-bootstrap4 | fixed | 4.3.1+dfsg2-1 | | package |
| twitter-bootstrap3 | fixed | 3.4.1+dfsg-1 | | package |
| twitter-bootstrap3 | fixed | 3.3.7+dfsg-2+deb9u2 | stretch | package |
| twitter-bootstrap3 | no-dsa | | jessie | package |
| twitter-bootstrap | removed | | | package |
| twitter-bootstrap | no-dsa | | stretch | package |
| twitter-bootstrap | no-dsa | | jessie | package |
Notes
https://github.com/twbs/bootstrap/pull/28236
EPSS
Related vulnerabilities
Bootstrap Vulnerable to Cross-Site Scripting
A vulnerability in the tooltip and popover components of Bootstrap, a toolkit for building websites and web applications, that allows an attacker to carry out cross-site scripting attacks