RubySec

Providing security resources for the Ruby community

CVE-2019-8331 (bootstrap): XSS vulnerability in bootstrap

ADVISORIES

GEM

bootstrap

SEVERITY

CVSS v3.x: 6.1 (Medium)

CVSS v2.0: 4.3 (Medium)

PATCHED VERSIONS

  • >= 4.3.1

DESCRIPTION

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

RELATED

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories