XSS vulnerability via data-target in bootstrap
Published: July 27, 2016
SECURITY IDENTIFIERS
- CVE: CVE-2016-10735 (NVD)
- GHSA: GHSA-4p24-vmcr-4gqj
- Vendor Advisory: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
GEM
SEVERITY
PATCHED VERSIONS
>= 4.0.0-beta.2
DESCRIPTION
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute.