RubySec

Providing security resources for the Ruby community

CVE-2016-10735 (bootstrap): XSS vulnerability via data-target in bootstrap

ADVISORIES

GEM

bootstrap

SEVERITY

CVSS v3.x: 6.1 (Medium)

CVSS v2.0: 4.3 (Medium)

PATCHED VERSIONS

  • >= 4.0.0-beta.2

DESCRIPTION

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute.

RELATED

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories