Candidate: CVE-2016-10735
PublicDate: 2019-01-09 05:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735
 https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
 https://github.com/twbs/bootstrap/issues/20184
 https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
 https://github.com/twbs/bootstrap/pull/23679
 https://github.com/twbs/bootstrap/pull/23687
 https://github.com/twbs/bootstrap/pull/26460
Description:
 In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is
 possible in the data-target attribute, a different vulnerability than
 CVE-2018-14041.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]


Patches_twitter-bootstrap:
upstream_twitter-bootstrap: needs-triage
precise/esm_twitter-bootstrap: DNE
trusty_twitter-bootstrap: not-affected (code not present)
trusty/esm_twitter-bootstrap: DNE (trusty was not-affected [code not present])
xenial_twitter-bootstrap: not-affected (code not present)
bionic_twitter-bootstrap: not-affected (code not present)
cosmic_twitter-bootstrap: not-affected (code not present)
disco_twitter-bootstrap: not-affected (code not present)
eoan_twitter-bootstrap: DNE
focal_twitter-bootstrap: DNE
groovy_twitter-bootstrap: DNE
hirsute_twitter-bootstrap: DNE
impish_twitter-bootstrap: DNE
jammy_twitter-bootstrap: DNE
devel_twitter-bootstrap: DNE

Patches_twitter-bootstrap3:
upstream_twitter-bootstrap3: released (3.4.0)
precise/esm_twitter-bootstrap3: DNE
trusty_twitter-bootstrap3: DNE
trusty/esm_twitter-bootstrap3: DNE
xenial_twitter-bootstrap3: ignored (end of standard support, was needed)
bionic_twitter-bootstrap3: needed
cosmic_twitter-bootstrap3: ignored (reached end-of-life)
disco_twitter-bootstrap3: released (3.4.0+dfsg-1)
eoan_twitter-bootstrap3: released (3.4.0+dfsg-1)
focal_twitter-bootstrap3: released (3.4.0+dfsg-1)
groovy_twitter-bootstrap3: released (3.4.0+dfsg-1)
hirsute_twitter-bootstrap3: released (3.4.0+dfsg-1)
impish_twitter-bootstrap3: released (3.4.0+dfsg-1)
jammy_twitter-bootstrap3: released (3.4.0+dfsg-1)
devel_twitter-bootstrap3: released (3.4.0+dfsg-1)

Patches_twitter-bootstrap4:
upstream_twitter-bootstrap4: needs-triage
precise/esm_twitter-bootstrap4: DNE
trusty_twitter-bootstrap4: DNE
trusty/esm_twitter-bootstrap4: DNE
xenial_twitter-bootstrap4: DNE
bionic_twitter-bootstrap4: DNE
cosmic_twitter-bootstrap4: DNE
disco_twitter-bootstrap4: not-affected (4.0.0)
eoan_twitter-bootstrap4: not-affected (4.0.0)
focal_twitter-bootstrap4: not-affected (4.0.0)
groovy_twitter-bootstrap4: not-affected (4.0.0)
hirsute_twitter-bootstrap4: not-affected (4.0.0)
impish_twitter-bootstrap4: not-affected (4.0.0)
jammy_twitter-bootstrap4: not-affected (4.0.0)
devel_twitter-bootstrap4: not-affected (4.0.0)