RubySec

Providing security resources for the Ruby community

CVE-2016-10735 (bootstrap): XSS vulnerability via data-target in bootstrap

GEM

bootstrap

SEVERITY

CVSS v3: 6.1

CVSS v2: 4.3

PATCHED VERSIONS

  • >= 4.0.0-beta.2

DESCRIPTION

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute.