Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tooltip - XSS on data-viewport attribute #27044

Closed
don-spyker opened this issue Aug 10, 2018 · 0 comments
Closed

tooltip - XSS on data-viewport attribute #27044

don-spyker opened this issue Aug 10, 2018 · 0 comments
Labels
js v3

Comments

@don-spyker
Copy link

don-spyker commented Aug 10, 2018
edited
Loading

found in bootstrap 3.3.7

<a href="#" data-toggle="tooltip" data-viewport="<img src=1 onerror=alert(123) />" title="Hooray!">Hover over me</a>
https://jsbin.com/qipirurise/edit?html,output

Win 7 x64
Chrome 67.0.3396.99
Firefox 61.0.1 (64-Bit)
@don-spyker don-spyker mentioned this issue Aug 10, 2018
Merged
don-spyker added a commit to don-spyker/bootstrap that referenced this issue Aug 10, 2018
@don-spyker
fix(tooltip): XSS on data-viewport attribute
5c71ecf 
Fixes twbs#27044
Johann-S pushed a commit that referenced this issue Aug 13, 2018
@don-spyker @Johann-S
Fix/xss issues on data attributes (#27047)
2a5ba23 
* fix(collapse): xss CVE-2018-14040

Fixes #26625

* fix(tooltip): xss CVE-2018-14042

Fixes #26628

* fix(tooltip): XSS on data-viewport attribute

Fixes #27044

* fix(affix): XSS on target config

Fixes #27045
@AASMACMX AASMACMX mentioned this issue Feb 26, 2023
Open
@AASMACMX AASMACMX mentioned this issue Apr 26, 2023
Open
@AASMACMX AASMACMX mentioned this issue Jul 10, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
js v3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Johann-S @don-spyker