| CVE-2021-23398 | All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output. | medium |
| CVE-2024-31821 | SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders_model.php component. | high |
| CVE-2024-7067 | A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. It has been rated as critical. Affected by this issue is the function getCartProductsIds of the file app/Cart.php. The manipulation of the argument laraCart leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is a02111a674ab49f65018b31da3011b1e396f59b1. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-272348. | medium |
| CVE-2020-25090 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php. | medium |
| CVE-2025-3060 | Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile.This issue affects Flattern – Multipurpose Bootstrap Business Profile: *.*. | medium |
| CVE-2023-23010 | Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php. | medium |
| CVE-2020-25089 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php. | medium |
| CVE-2020-25088 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php. | medium |
| CVE-2020-25091 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add_product.php. | medium |
| CVE-2020-25086 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/adminUsers.php. | medium |
| CVE-2020-25087 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/languages.php. | medium |
| CVE-2020-25093 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php. within application/views/templates/clothesshop, application/views/templates/onepage, and application/views/templates/redlabel. | medium |
| CVE-2016-1000227 | Cross-Site Scripting in bootstrap-tagsinput | high |
| CVE-2025-1647 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0. | medium |
| CVE-2024-35169 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AREOI All Bootstrap Blocks allows Stored XSS.This issue affects All Bootstrap Blocks: from n/a through 1.3.15. | medium |
| CVE-2023-47851 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS.This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1. | medium |
| CVE-2024-51810 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in George Lewe Lewe Bootstrap Visuals allows Stored XSS.This issue affects Lewe Bootstrap Visuals: from n/a through 2.2.2. | medium |
| CVE-2024-5663 | The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | medium |
| CVE-2022-35213 | Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php. | medium |
| CVE-2024-31823 | An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php component. | high |
| CVE-2014-4920 | Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails | medium |
| CVE-2022-1726 | Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties. | medium |
| CVE-2025-3901 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Bootstrap Site Alert allows Cross-Site Scripting (XSS).This issue affects Bootstrap Site Alert: from 0.0.0 before 1.13.0, from 3.0.0 before 3.0.4. | medium |
| CVE-2015-5685 | The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing." | critical |
| CVE-2023-52196 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS.This issue affects CPT Bootstrap Carousel: from n/a through 1.12. | medium |
| CVE-2024-53824 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AREOI All Bootstrap Blocks allows PHP Local File Inclusion.This issue affects All Bootstrap Blocks: from n/a through 1.3.19. | high |
| CVE-2024-51851 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saleh attari best bootstrap widgets for elementor allows DOM-Based XSS.This issue affects best bootstrap widgets for elementor: from n/a through 1.0. | medium |
| CVE-2016-10735 | In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. | medium |
| CVE-2025-26551 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Bootstrap collapse allows Stored XSS. This issue affects Bootstrap collapse: from n/a through 1.0.4. | high |
| CVE-2024-43349 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AREOI All Bootstrap Blocks allows Stored XSS.This issue affects All Bootstrap Blocks: from n/a through 1.3.19. | medium |
| CVE-2024-49677 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Cramer Bootstrap Buttons allows Reflected XSS.This issue affects Bootstrap Buttons: from n/a through 1.2. | high |
| CVE-2025-32672 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion. This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.9. | high |
| CVE-2024-43140 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.4. | high |
| CVE-2021-40975 | Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title parameter. | medium |
| CVE-2024-37462 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows Path Traversal.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.2. | high |
| CVE-2017-9450 | The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory. | high |
| CVE-2014-8509 | The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to "Improper Indexing." | critical |
| CVE-2025-30527 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetoolbox My Bootstrap Menu allows Stored XSS. This issue affects My Bootstrap Menu: from n/a through 1.2.1. | medium |
| CVE-2023-35047 | Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap Blocks plugin <= 1.3.6 versions. | medium |
| CVE-2020-25092 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel. | medium |
| CVE-2019-13314 | virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because this password may be present in the --root-password option to virt_bootstrap.py. | high |
| CVE-2018-14042 | In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. | medium |
| CVE-2024-41344 | A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges. | high |
| CVE-2024-11402 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-speedup Block Editor Bootstrap Blocks allows Reflected XSS.This issue affects Block Editor Bootstrap Blocks: from n/a through 6.6.1. | high |
| CVE-2019-10842 | Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the target system. Note that there are three underscore characters in the cookie name. This is unrelated to the __cfduid cookie that is legitimately used by Cloudflare. | critical |
| CVE-2024-6526 | A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. This affects an unknown part. The manipulation of the argument search_title/catName/sub/name/categorie leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 1b3da45308bb6c3f55247d0e99620b600bd85277. It is recommended to apply a patch to fix this issue. The identifier VDB-270369 was assigned to this vulnerability. | medium |
| CVE-2019-7649 | global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing. | high |
| CVE-2025-22743 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin Rasool Twitter Bootstrap Collapse aka Accordian Shortcode allows DOM-Based XSS.This issue affects Twitter Bootstrap Collapse aka Accordian Shortcode: from n/a through 1.0. | medium |
| CVE-2018-14040 | In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. | medium |
| CVE-2018-20676 | In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. | medium |
