Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-10735

Опубликовано: 27 июн. 2016
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

Отчет

Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite. Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7pki-coreWill not fix
Red Hat JBoss Enterprise Web Server 2bootstrapAffected
Red Hat OpenStack Platform 10 (Newton)python-XStatic-Bootstrap-SCSSAffected
Red Hat OpenStack Platform 14 (Rocky)python-XStatic-Bootstrap-SCSSAffected
Red Hat OpenStack Platform 15 (Stein)python-XStatic-Bootstrap-SCSSAffected
Red Hat OpenStack Platform 8 (Liberty)python-XStatic-Bootstrap-SCSSAffected
Red Hat OpenStack Platform 9 (Mitaka)python-XStatic-Bootstrap-SCSSAffected
Red Hat Quay 3quayNot affected
Red Hat Quay 3quay/quay-rhel8Not affected
Red Hat Satellite 5bootstrapWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1668097bootstrap: XSS in the data-target attribute

EPSS

Процентиль: 90%
0.06152
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2016-10735

CVSS3: 6.1
ubuntu
больше 6 лет назад

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

nvd логотип

CVE-2016-10735

CVSS3: 6.1
nvd
больше 6 лет назад

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

debian логотип

CVE-2016-10735

CVSS3: 6.1
debian
больше 6 лет назад

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is ...

github логотип

GHSA-4p24-vmcr-4gqj

CVSS3: 6.1
github
больше 6 лет назад

Bootstrap Cross-site Scripting vulnerability

rocky логотип

RLSA-2020:4670

rocky
больше 4 лет назад

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

EPSS

Процентиль: 90%
0.06152
Низкий

6.1 Medium

CVSS3

Уязвимость CVE-2016-10735