Vulnerability DatabaseWS-2017-0178
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2017-0178
Published:May 19, 2026
Updated:May 19, 2026
Affected versions of the package are vulnerable to Cross-site Scripting (XSS).
Affected Packages
flower (CONDA):
Affected version(s) >=0.8.3 <2.0.0
Fix Suggestion:
Update to version 2.0.0
gemini (CONDA):
Affected version(s) >=0.17.3dev0 <=0.30.2
Fix Suggestion:
Update to version no_fix
r-ramcharts (CONDA):
Affected version(s) =2.1.13 <2.1.15
Fix Suggestion:
Update to version 2.1.15
r-venn (CONDA):
Affected version(s) >=1.2 <1.8
Fix Suggestion:
Update to version 1.8
r-makefiler (CONDA):
Affected version(s) =1.0
Fix Suggestion:
Update to version no_fix
quast (CONDA):
Affected version(s) >=3.2 <=5.3.0
Fix Suggestion:
Update to version no_fix
oncogemini (CONDA):
Affected version(s) >=0.1.0 <=1.0.0
Fix Suggestion:
Update to version no_fix
targqc (CONDA):
Affected version(s) =1.8.1
Fix Suggestion:
Update to version no_fix
bootstrap (NPM):
Affected version(s) >=0.0.1 <3.1.1
Fix Suggestion:
Update to version 3.1.1
bootstrap (NUGET):
Affected version(s) =1.0.0 <2.3.1
Fix Suggestion:
Update to version 2.3.1
twitter.bootstrap (NUGET):
Affected version(s) =1.3.0 <1.4.0
Fix Suggestion:
Update to version 1.4.0
twitter.bootstrap (NUGET):
Affected version(s) >=2.0.4 <2.1.0
Fix Suggestion:
Update to version 2.1.0
twitterbootstrapmvc3template (NUGET):
Affected version(s) >=1.0.0 <1.0.4
Fix Suggestion:
Update to version 1.0.4
bootstraptwitter (NUGET):
Affected version(s) >=1.4.0 <2.1.0
Fix Suggestion:
Update to version 2.1.0
maoyuanmvckendojslib (NUGET):
Affected version(s) =1.0.1
Fix Suggestion:
Update to version no_fix
scaffr (NUGET):
Affected version(s) =1.1.0 <1.1.1
Fix Suggestion:
Update to version 1.1.1
grazewp7 (NUGET):
Affected version(s) >=1.0.0 <=3.0.0
Fix Suggestion:
Update to version no_fix
mvcforum (NUGET):
Affected version(s) >=0.8.5.1 <1.0.0.1
Fix Suggestion:
Update to version 1.0.0.1
bootstraptwitter (NUGET):
Affected version(s) =2.4.0 <3.0.0
Fix Suggestion:
Update to version 3.0.0
xsockets.tutorials (NUGET):
Affected version(s) >=0.6.0 <=0.9.2
Fix Suggestion:
Update to version no_fix
irmnet/auth (PHP):
Affected version(s) =1.0.20
Fix Suggestion:
Update to version no_fix
acosf/archersys (PHP):
Affected version(s) >=dev-hdddwinstudent <1.0
Fix Suggestion:
Update to version 1.0
pug-php/pug (PHP):
Affected version(s) >=3.0.0-alpha6 <3.0.0
Fix Suggestion:
Update to version 3.0.0
tinindja/microweber-for-laravel-5.8 (PHP):
Affected version(s) >=oop-preview <0.9.5.x-dev
Fix Suggestion:
Update to version 0.9.5.x-dev
sitegeist/nomenclator (PHP):
Affected version(s) =dev-feature/frontendAndStyle <dev-master
Fix Suggestion:
Update to version dev-master
pug-php/pug (PHP):
Affected version(s) >=1.10.3 <1.11.0
Fix Suggestion:
Update to version 1.11.0
mopa/symfony-framework-bootstrap-edition (PHP):
Affected version(s) =dev-master <v2.0.0BETA1
Fix Suggestion:
Update to version v2.0.0BETA1
neos/twitter-bootstrap (PHP):
Affected version(s) =2.0.x-dev <2.0.1
Fix Suggestion:
Update to version 2.0.1
optime/jangomail (PHP):
Affected version(s) =dev-master <v1.0
Fix Suggestion:
Update to version v1.0
yetiforce/yetiforce-crm (PHP):
Affected version(s) =4.2.0 <dev-dependabot/composer/developer/smarty/smarty-4.2.0
Fix Suggestion:
Update to version dev-dependabot/composer/developer/smarty/smarty-4.2.0
rozdol/bi-assets (PHP):
Affected version(s) >=dev-master <v1.0.3
Fix Suggestion:
Update to version v1.0.3
silverstripe-themes/module_bootstrap (PHP):
Affected version(s) =2.3.1.x-dev <2.3.2.x-dev
Fix Suggestion:
Update to version 2.3.2.x-dev
pug-php/pug (PHP):
Affected version(s) =3.0.0-alpha2 <3.0.0-alpha3
Fix Suggestion:
Update to version 3.0.0-alpha3
zoomyboy/scoutnet-api (PHP):
Affected version(s) >=dev-master <=0.2.0
Fix Suggestion:
Update to version no_fix
mukulu/admin-bundle (PHP):
Affected version(s) =dev-bootstrap2
Fix Suggestion:
Update to version no_fix
bertrandom/flickrclient (PHP):
Affected version(s) =dev-demo <dev-master
Fix Suggestion:
Update to version dev-master
tungphan/yii-demo (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
silverstripe/deploynaut (PHP):
Affected version(s) >=1.0.1 <dev-cleanup5
Fix Suggestion:
Update to version dev-cleanup5
silverstripe-themes/module_bootstrap (PHP):
Affected version(s) =dev-ssexpress <ssexpress-0.1.0
Fix Suggestion:
Update to version ssexpress-0.1.0
themelogy/carwash-theme (PHP):
Affected version(s) >=dev-master <1.0.1
Fix Suggestion:
Update to version 1.0.1
mopa/symfony-framework-bootstrap-edition (PHP):
Affected version(s) >=2.2.x-dev <=2.3.x-dev
Fix Suggestion:
Update to version no_fix
purezero/module_bootstrap (PHP):
Affected version(s) =dev-ssexpress <ssexpress-0.1.0
Fix Suggestion:
Update to version ssexpress-0.1.0
neos/twitter-bootstrap (PHP):
Affected version(s) >=dev-main <historic-1.0.0-alpha5
Fix Suggestion:
Update to version historic-1.0.0-alpha5
pug-php/pug (PHP):
Affected version(s) =2.2.0 <2.2.1
Fix Suggestion:
Update to version 2.2.1
metabor/start-app (PHP):
Affected version(s) =dev-MopaBootstrapBundle <dev-master
Fix Suggestion:
Update to version dev-master
phraseanet/phraseanet (PHP):
Affected version(s) >=3.7.0 <3.8.0
Fix Suggestion:
Update to version 3.8.0
pug-php/pug (PHP):
Affected version(s) =2.4.9 <2.5.0
Fix Suggestion:
Update to version 2.5.0
pug-php/pug (PHP):
Affected version(s) =2.5.9 <2.6.0
Fix Suggestion:
Update to version 2.6.0
pug-php/pug (PHP):
Affected version(s) =2.7.2 <2.7.3
Fix Suggestion:
Update to version 2.7.3
cupcakephp/cupcakephp (PHP):
Affected version(s) =0.2.x-dev
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) >=dev-feature/php-update <dev-test/add-alternative-versions
Fix Suggestion:
Update to version dev-test/add-alternative-versions
torann/skosh (PHP):
Affected version(s) =dev-master <0.2.0
Fix Suggestion:
Update to version 0.2.0
titledk/cloudy (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
silverstripe/deploynaut (PHP):
Affected version(s) =0.9.x-dev <1.0.0
Fix Suggestion:
Update to version 1.0.0
pug-php/pug (PHP):
Affected version(s) >=1.11.1 <1.11.3
Fix Suggestion:
Update to version 1.11.3
pug-php/pug (PHP):
Affected version(s) =2.3.0 <2.4.0
Fix Suggestion:
Update to version 2.4.0
neos/twitter-bootstrap (PHP):
Affected version(s) =dev-task/flow-9.0-compat
Fix Suggestion:
Update to version no_fix
yetiforce/yetiforce-crm (PHP):
Affected version(s) =4.1.0 <dev-dependabot/composer/developer/smarty/smarty-4.1.0
Fix Suggestion:
Update to version dev-dependabot/composer/developer/smarty/smarty-4.1.0
pug-php/pug (PHP):
Affected version(s) >=1.5.0 <1.8.0-rc1
Fix Suggestion:
Update to version 1.8.0-rc1
chj/laravel (PHP):
Affected version(s) >=dev-develop <chj-v1.0
Fix Suggestion:
Update to version chj-v1.0
kylekatarnls/jade-php (PHP):
Affected version(s) =2.7.5 <3.0.0-RC1
Fix Suggestion:
Update to version 3.0.0-RC1
typo3/twitter-bootstrap (PHP):
Affected version(s) >=dev-main <historic-1.0.0-alpha5
Fix Suggestion:
Update to version historic-1.0.0-alpha5
jabapoint/cobra (PHP):
Affected version(s) >=dev-master <=0.7
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) >=2.0.3 <2.1.0
Fix Suggestion:
Update to version 2.1.0
typo3/twitter-bootstrap (PHP):
Affected version(s) =dev-task/flow-9.0-compat
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) >=1.1.1 <1.4.0
Fix Suggestion:
Update to version 1.4.0
pug-php/pug (PHP):
Affected version(s) >=2.4.1 <2.4.5
Fix Suggestion:
Update to version 2.4.5
kylekatarnls/jade-php (PHP):
Affected version(s) =dev-version-2.next <2.0.1
Fix Suggestion:
Update to version 2.0.1
skeeks/yii2-template-smarty (PHP):
Affected version(s) =dev-master <1.0.0
Fix Suggestion:
Update to version 1.0.0
neos/twitter-bootstrap (PHP):
Affected version(s) =3.0.8 <dev-flow_7
Fix Suggestion:
Update to version dev-flow_7
pawka/phrozn (PHP):
Affected version(s) >=0.5.6 <=1.0.x-dev
Fix Suggestion:
Update to version no_fix
yetiforce/yetiforce-crm (PHP):
Affected version(s) =4.0.0 <dev-dependabot/composer/developer/smarty/smarty-4.0.0
Fix Suggestion:
Update to version dev-dependabot/composer/developer/smarty/smarty-4.0.0
pug-php/pug (PHP):
Affected version(s) >=3.1.2 <3.1.4
Fix Suggestion:
Update to version 3.1.4
ronan-gloo/jadephp (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
neos/twitter-bootstrap (PHP):
Affected version(s) =1.0.x-dev <1.0.1
Fix Suggestion:
Update to version 1.0.1
neos/twitter-bootstrap (PHP):
Affected version(s) =2.1.x-dev <2.2.0
Fix Suggestion:
Update to version 2.2.0
mopa/symfony-framework-bootstrap-edition (PHP):
Affected version(s) =2.1.x-dev <v2.1.0
Fix Suggestion:
Update to version v2.1.0
paella/twitter-bootstrap-bundle (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) =2.7.0 <2.7.1
Fix Suggestion:
Update to version 2.7.1
farazdagi/phrozn (PHP):
Affected version(s) >=0.5.6 <=1.0.x-dev
Fix Suggestion:
Update to version no_fix
skcms/admin-bundle (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
intelogie/sipml5 (PHP):
Affected version(s) =dev-master <1.0.0
Fix Suggestion:
Update to version 1.0.0
sansis/basebundle (PHP):
Affected version(s) >=dev-master <=v1.0.0
Fix Suggestion:
Update to version no_fix
neos/twitter-bootstrap (PHP):
Affected version(s) =2.2.x-dev <3.0.0
Fix Suggestion:
Update to version 3.0.0
silverstripe/deploynaut (PHP):
Affected version(s) =1.x-dev <dev-p1-issue
Fix Suggestion:
Update to version dev-p1-issue
wollnerstudios/assetpipeline (PHP):
Affected version(s) >=1.0.3 <=1.0.31
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) >=3.2.0 <dev-analysis-BowKr6
Fix Suggestion:
Update to version dev-analysis-BowKr6
purezero/module_bootstrap (PHP):
Affected version(s) >=dev-breadcrumb <dev-master
Fix Suggestion:
Update to version dev-master
kylekatarnls/jade-php (PHP):
Affected version(s) =dev-master <1.1
Fix Suggestion:
Update to version 1.1
pablodip/admin-module-bundle (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
wxr/common-bundle (PHP):
Affected version(s) >=dev-master <=v2.1.0
Fix Suggestion:
Update to version no_fix
radutopala/phpbeanstalkdadmin (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
halleck45/behat-wizard-bundle (PHP):
Affected version(s) =v0.2
Fix Suggestion:
Update to version no_fix
jeromeschneider/baikal (PHP):
Affected version(s) >=0.2.5 <0.5.1
Fix Suggestion:
Update to version 0.5.1
venu/sf2-blog (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
jsmarion/yii2-unify-template (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
themelogy/carwash-theme (PHP):
Affected version(s) =1.0.2
Fix Suggestion:
Update to version no_fix
purezero/module_bootstrap (PHP):
Affected version(s) =2.3.1.x-dev <2.3.2.x-dev
Fix Suggestion:
Update to version 2.3.2.x-dev
typo3/twitter-bootstrap (PHP):
Affected version(s) >=1.0.0 <3.0.5
Fix Suggestion:
Update to version 3.0.5
yetiforce/yetiforce-crm (PHP):
Affected version(s) =4.3.0 <dev-dependabot/composer/developer/sabre/dav-4.3.0
Fix Suggestion:
Update to version dev-dependabot/composer/developer/sabre/dav-4.3.0
8bit-echo/sage (PHP):
Affected version(s) =4.1.0 <dev-dependabot/npm_and_yarn/lodash-4.17.21
Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/lodash-4.17.21
skeeks/yii2-template-unify (PHP):
Affected version(s) >=dev-master <=1.9.1
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) =1.12.1 <1.12.2
Fix Suggestion:
Update to version 1.12.2
rozdol/bi-assets (PHP):
Affected version(s) >=v1.0.5 <=v1.0.17
Fix Suggestion:
Update to version no_fix
irmnet/ti (PHP):
Affected version(s) =dev-master <0.0.0
Fix Suggestion:
Update to version 0.0.0
pug-php/pug (PHP):
Affected version(s) >=2.7.4 <3.0.0-RC2
Fix Suggestion:
Update to version 3.0.0-RC2
tinindja/microweber-for-laravel-5.8 (PHP):
Affected version(s) >=microweber-0.750 <0.931
Fix Suggestion:
Update to version 0.931
irmnet/ti (PHP):
Affected version(s) >=1.0.4 <10
Fix Suggestion:
Update to version 10
jlaso/tradukoj (PHP):
Affected version(s) >=dev-feature/dockerizing <1.1
Fix Suggestion:
Update to version 1.1
typo3/twitter-bootstrap (PHP):
Affected version(s) =3.0.8 <dev-flow_7
Fix Suggestion:
Update to version dev-flow_7
kylekatarnls/jade-php (PHP):
Affected version(s) >=3.3.0 <=3.3.1
Fix Suggestion:
Update to version no_fix
torann/skosh (PHP):
Affected version(s) =0.3.0
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) >=1.8.1 <1.10.1
Fix Suggestion:
Update to version 1.10.1
optime/jangomail (PHP):
Affected version(s) >=v1.1 <=v2.0
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) =2.6.4 <2.6.5
Fix Suggestion:
Update to version 2.6.5
silverstripe-themes/module_bootstrap (PHP):
Affected version(s) >=dev-breadcrumb <dev-master
Fix Suggestion:
Update to version dev-master
pug-php/pug (PHP):
Affected version(s) =2.1.2 <2.1.3
Fix Suggestion:
Update to version 2.1.3
carlosio/jenkins (PHP):
Affected version(s) =1.0.0 <1.1.0
Fix Suggestion:
Update to version 1.1.0
mparaiso/aclserviceprovider (PHP):
Affected version(s) =dev-silex <0.0.1
Fix Suggestion:
Update to version 0.0.1
fightmaster/fightmaster-bootstrap-bundle (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
wollnerstudios/assetpipeline (PHP):
Affected version(s) =dev-master <1.0.0
Fix Suggestion:
Update to version 1.0.0
pug-php/pug (PHP):
Affected version(s) >=2.5.2 <2.5.5
Fix Suggestion:
Update to version 2.5.5
kylekatarnls/jade-php (PHP):
Affected version(s) =2.7.x-dev <2.7.1
Fix Suggestion:
Update to version 2.7.1
pug-php/pug (PHP):
Affected version(s) =dev-enable-php-8-test
Fix Suggestion:
Update to version no_fix
flower (PYTHON):
Affected version(s) >=0.8.3 <2.0.0
Fix Suggestion:
Update to version 2.0.0
Related Resources (2)
https://github.com/twbs/bootstrap/commit/f836473129819c2e348f821ed268451b9b8bf2e4
https://github.com/twbs/bootstrap/pull/3421
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE