WS-2017-0178

Good to know:

Date: June 3, 2012

Affected versions of the package are vulnerable to Cross-site Scripting (XSS).

Language: Java

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version pug-php/pug - 2.7.3;pug-php/pug - 3.0.0;pug-php/pug - 2.4.5;pug-php/pug - 1.12.2;pug-php/pug - 3.1.4;pug-php/pug - 1.10.1;pug-php/pug - 2.0.1;pug-php/pug - 1.8.0-rc1;pug-php/pug - 2.1.3;pug-php/pug - 1.4.0;pug-php/pug - dev-analysis-BowKr6;pug-php/pug - 2.2.1;pug-php/pug - 2.7.1;pug-php/pug - 2.5.0;pug-php/pug - 2.6.5;pug-php/pug - 2.1.0;pug-php/pug - 3.0.0-RC2;pug-php/pug - 3.0.0-alpha3;pug-php/pug - 2.5.5;pug-php/pug - 2.6.0;pug-php/pug - 2.4.0;pug-php/pug - dev-test/add-alternative-versions;pug-php/pug - 1.11.0;pug-php/pug - 1.11.3;pug-php/pug - no_fix;torann/skosh - no_fix;torann/skosh - 0.2.0;phraseanet/phraseanet - 3.8.0;halleck45/behat-wizard-bundle - no_fix;halleck45/behat-wizard-bundle - v0.1;wollnerstudios/assetpipeline - 1.0.0;wollnerstudios/assetpipeline - no_fix;acosf/archersys - 1.0;sitegeist/nomenclator - dev-master;cupcakephp/cupcakephp - no_fix;kylekatarnls/jade-php - 1.1;kylekatarnls/jade-php - 3.0.0-RC1;kylekatarnls/jade-php - no_fix;kylekatarnls/jade-php - 2.0.1;kylekatarnls/jade-php - 2.7.1;Twitter.Bootstrap - 1.4.0;Twitter.Bootstrap - 2.1.0;paella/twitter-bootstrap-bundle - no_fix;BootstrapTwitter - 2.1.0;BootstrapTwitter - 3.0.0;silverstripe-themes/module_bootstrap - dev-master;silverstripe-themes/module_bootstrap - ssexpress-0.1.0;silverstripe-themes/module_bootstrap - 2.3.2.x-dev;chj/laravel - chj-v1.0;intelogie/sipml5 - 1.0.0;yetiforce/yetiforce-crm - dev-dependabot/composer/developer/smarty/smarty-4.0.0;yetiforce/yetiforce-crm - dev-dependabot/composer/developer/smarty/smarty-4.1.0;yetiforce/yetiforce-crm - dev-dependabot/composer/developer/smarty/smarty-4.2.0;yetiforce/yetiforce-crm - dev-dependabot/composer/developer/sabre/dav-4.3.0;skcms/admin-bundle - no_fix;r-venn - 1.8;oncogemini - no_fix;irmnet/auth - no_fix;radutopala/phpbeanstalkdadmin - no_fix;mopa/symfony-framework-bootstrap-edition - v2.0.0BETA1;mopa/symfony-framework-bootstrap-edition - no_fix;mopa/symfony-framework-bootstrap-edition - 
v2.1.0;themelogy/carwash-theme - 1.0.1;themelogy/carwash-theme - no_fix;purezero/module_bootstrap - dev-master;purezero/module_bootstrap - 2.3.2.x-dev;purezero/module_bootstrap - ssexpress-0.1.0;maoyuanMvcKendoJsLib - no_fix;skeeks/yii2-template-unify - no_fix;skeeks/yii2-template-smarty - 1.0.0;metabor/start-app - dev-master;titledk/cloudy - no_fix;mparaiso/aclserviceprovider - 0.0.1;tungphan/yii-demo - no_fix;ronan-gloo/jadephp - no_fix;tinindja/microweber-for-laravel-5.8 - 0.931;tinindja/microweber-for-laravel-5.8 - 0.9.5.x-dev;silverstripe/deploynaut - dev-p1-issue;silverstripe/deploynaut - dev-cleanup5;silverstripe/deploynaut - 1.0.0;TwitterBootstrapMVC3Template - 1.0.4;fightmaster/fightmaster-bootstrap-bundle - no_fix;flower - 2.0.0;gemini - no_fix;carlosio/jenkins - 1.1.0;sansis/basebundle - no_fix;ScaffR - 1.1.1;cobase/cobase - no_fix;jabapoint/cobra - no_fix;neos/twitter-bootstrap - historic-1.0.0-alpha5;neos/twitter-bootstrap - 1.0.1;neos/twitter-bootstrap - 3.0.0;neos/twitter-bootstrap - dev-flow_7;neos/twitter-bootstrap - no_fix;neos/twitter-bootstrap - 2.2.0;neos/twitter-bootstrap - 2.0.1;grazewp7 - no_fix;r-makefiler - no_fix;pawka/phrozn - no_fix;mukulu/admin-bundle - no_fix;bootstrap - 2.3.1;irmnet/ti - 10;irmnet/ti - 0.0.0;jeromeschneider/baikal - 0.5.1;javanile/vtiger-core - no_fix;rozdol/bi-assets - no_fix;rozdol/bi-assets - v1.0.3;typo3/twitter-bootstrap - historic-1.0.0-alpha5;typo3/twitter-bootstrap - dev-flow_7;typo3/twitter-bootstrap - no_fix;typo3/twitter-bootstrap - 3.0.5;quast - no_fix;wxr/common-bundle - no_fix;venu/sf2-blog - no_fix;debug/toolbar - no_fix;jlaso/tradukoj - 1.1;lordelph/phrekyll - no_fix;zoomyboy/scoutnet-api - no_fix;farazdagi/phrozn - no_fix;bootstrap - 3.1.1;optime/jangomail - no_fix;optime/jangomail - v1.0;bertrandom/flickrclient - dev-master;pablodip/admin-module-bundle - no_fix;MVCForum - 1.0.0.1;XSockets.Tutorials - no_fix;jsmarion/yii2-unify-template - no_fix;r-ramcharts - 2.1.15;8bit-echo/sage - 
dev-dependabot/npm_and_yarn/lodash-4.17.21;targqc - no_fix;org.webjars.bower:heatmap.js2:no_fix;org.webjars.bower:pagerjs:no_fix;org.webjars:bootstrap:2.0.2;org.webjars:font-awesome:3.0.0

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE
