[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-10735":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":54,"duplicate_of":9,"upstream":56,"downstream":57,"duplicates":84,"related":85,"reserved_at":9,"published_at":88,"modified_at":89,"state":90,"summary":91,"references_raw":99,"kevs":195,"epss":196,"epss_history":199,"metrics":457,"affected":474},"CVE-2016-10735","In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_TWBS_BOOTSTRAP","Bootstrap","github","https://github.com/twbs/bootstrap/issues/20184","poc",0.3,false,[],[55],"GHSA-4p24-vmcr-4gqj",[],[58,60,62,64,66,68,70,72,74,76,78,80,82],{"_key":59},"UBUNTU-CVE-2016-10735",{"_key":61},"DEBIAN-CVE-2016-10735",{"_key":63},"RHBA-2019:1076",{"_key":65},"RHBA-2019:1570",{"_key":67},"RHBA-2019:4199",{"_key":69},"RHSA-2019:3023",{"_key":71},"RHSA-2020:3936",{"_key":73},"RHSA-2020:4670",{"_key":75},"RHSA-2020:5571",{"_key":77},"RHSA-2020:4847",{"_key":79},"RHSA-2023:0552",{"_key":81},"RHSA-2023:0553",{"_key":83},"RHSA-2023:0554",[],[86],{"_key":87},"CGA-6WG7-48V4-2PJ7","2019-01-09T05:00:00.000Z","2024-08-06T03:30:20.165Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":92,"epss_score":93,"severity":94,"severity_score":95,"severity_version":96,"severity_source":97,"severity_vector":98,"severity_status":90},"low",0.05337,"medium",6.1,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[100,112,116,120,125,129,134,140,144,148,152,156,160,165,170,174,179,183,187,191],{"url":101,"sources":102,"tags":107},"https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906",[103,97,104,105,106],"cve.org","osv_npm","osv_maven","osv_nuget",[108,109,110,111],"X Refsource MISC","Issue Tracking","Third Party Advisory","WEB",{"url":113,"sources":114,"tags":115},"https://github.com/twbs/bootstrap/pull/26460",[103,97,104,105,106],[108,110,111],{"url":49,"sources":117,"tags":118},[103,97,104,105,106],[108,119,109,110,111],"Exploit",{"url":121,"sources":122,"tags":123},"https://github.com/twbs/bootstrap/pull/23687",[103,97,104,105,106],[108,124,110,111],"Patch",{"url":126,"sources":127,"tags":128},"https://github.com/twbs/bootstrap/pull/23679",[103,97,104,105,106],[108,110,111],{"url":130,"sources":131,"tags":132},"https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/",[103,97],[108,133,110],"Release Notes",{"url":135,"sources":136,"tags":137},"https://access.redhat.com/errata/RHSA-2019:1456",[103,97,104,105,106],[138,139,111],"Vendor Advisory","X Refsource REDHAT",{"url":141,"sources":142,"tags":143},"https://access.redhat.com/errata/RHBA-2019:1076",[103,97,104,105,106],[138,139,111],{"url":145,"sources":146,"tags":147},"https://access.redhat.com/errata/RHBA-2019:1570",[103,97,104,105,106],[138,139,111],{"url":149,"sources":150,"tags":151},"https://access.redhat.com/errata/RHSA-2019:3023",[103,97,104,105,106],[138,139,111],{"url":153,"sources":154,"tags":155},"https://access.redhat.com/errata/RHSA-2020:0132",[103,97,104,105,106],[138,139,111],{"url":157,"sources":158,"tags":159},"https://access.redhat.com/errata/RHSA-2020:0133",[103,97,104,105,106],[138,139,111],{"url":161,"sources":162,"tags":163},"https://www.tenable.com/security/tns-2021-14",[103,97],[164],"X Refsource CONFIRM",{"url":166,"sources":167,"tags":168},"https://nvd.nist.gov/vuln/detail/CVE-2016-10735",[104,105,106],[169],"Advisory",{"url":171,"sources":172,"tags":173},"https://github.com/github/advisory-database/pull/3281",[104,105,106],[111],{"url":175,"sources":176,"tags":177},"https://github.com/twbs/bootstrap",[104,105,106],[178],"PACKAGE",{"url":180,"sources":181,"tags":182},"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2016-10735.yml",[104,105,106],[111],{"url":184,"sources":185,"tags":186},"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2016-10735.yml",[104,105,106],[111],{"url":188,"sources":189,"tags":190},"https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0",[104,105,106],[111],{"url":192,"sources":193,"tags":194},"https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2",[104,105,106],[111],[],{"date":197,"score":93,"percentile":198},"2026-06-04",0.90226,[200,204,207,210,213,216,219,221,224,227,230,233,236,239,241,244,247,250,253,255,257,260,263,266,268,271,274,277,281,284,286,289,292,295,298,300,302,305,308,311,314,317,320,323,326,330,332,334,337,340,343,346,349,352,356,359,362,365,368,371,373,376,378,381,384,387,390,392,395,398,400,402,405,408,411,414,416,418,421,424,427,430,433,436,439,442,445,448,451,454],{"date":201,"score":202,"percentile":203},"2025-11-04",0.06043,0.90304,{"date":205,"score":202,"percentile":206},"2025-11-05",0.90302,{"date":208,"score":202,"percentile":209},"2025-11-06",0.90301,{"date":211,"score":202,"percentile":212},"2025-11-07",0.90306,{"date":214,"score":202,"percentile":215},"2025-11-08",0.90309,{"date":217,"score":202,"percentile":218},"2025-11-09",0.90307,{"date":220,"score":202,"percentile":218},"2025-11-10",{"date":222,"score":202,"percentile":223},"2025-11-11",0.90305,{"date":225,"score":202,"percentile":226},"2025-11-12",0.90312,{"date":228,"score":202,"percentile":229},"2025-11-13",0.90316,{"date":231,"score":202,"percentile":232},"2025-11-14",0.90319,{"date":234,"score":202,"percentile":235},"2025-11-15",0.90315,{"date":237,"score":202,"percentile":238},"2025-11-16",0.90318,{"date":240,"score":202,"percentile":235},"2025-11-17",{"date":242,"score":202,"percentile":243},"2025-11-18",0.89806,{"date":245,"score":202,"percentile":246},"2025-11-19",0.8981,{"date":248,"score":202,"percentile":249},"2025-11-20",0.89812,{"date":251,"score":202,"percentile":252},"2025-11-21",0.9032,{"date":254,"score":202,"percentile":252},"2025-11-22",{"date":256,"score":202,"percentile":252},"2025-11-23",{"date":258,"score":202,"percentile":259},"2025-11-24",0.90322,{"date":261,"score":202,"percentile":262},"2025-11-25",0.90324,{"date":264,"score":202,"percentile":265},"2025-11-26",0.90323,{"date":267,"score":202,"percentile":265},"2025-11-27",{"date":269,"score":202,"percentile":270},"2025-11-28",0.90313,{"date":272,"score":202,"percentile":273},"2025-11-29",0.90347,{"date":275,"score":202,"percentile":276},"2025-11-30",0.90346,{"date":278,"score":279,"percentile":280},"2025-12-01",0.02633,0.85278,{"date":282,"score":279,"percentile":283},"2025-12-02",0.85283,{"date":285,"score":279,"percentile":283},"2025-12-03",{"date":287,"score":202,"percentile":288},"2025-12-04",0.9035,{"date":290,"score":202,"percentile":291},"2025-12-05",0.90356,{"date":293,"score":202,"percentile":294},"2025-12-06",0.90357,{"date":296,"score":202,"percentile":297},"2025-12-07",0.90353,{"date":299,"score":202,"percentile":297},"2025-12-08",{"date":301,"score":202,"percentile":294},"2025-12-09",{"date":303,"score":202,"percentile":304},"2025-12-10",0.90365,{"date":306,"score":202,"percentile":307},"2025-12-11",0.9037,{"date":309,"score":202,"percentile":310},"2025-12-12",0.90374,{"date":312,"score":202,"percentile":313},"2025-12-13",0.90376,{"date":315,"score":202,"percentile":316},"2025-12-14",0.90373,{"date":318,"score":202,"percentile":319},"2025-12-15",0.90375,{"date":321,"score":202,"percentile":322},"2025-12-16",0.90369,{"date":324,"score":202,"percentile":325},"2025-12-17",0.90378,{"date":327,"score":328,"percentile":329},"2025-12-18",0.06198,0.90513,{"date":331,"score":328,"percentile":329},"2025-12-19",{"date":333,"score":328,"percentile":329},"2025-12-20",{"date":335,"score":328,"percentile":336},"2025-12-21",0.90522,{"date":338,"score":328,"percentile":339},"2025-12-22",0.90523,{"date":341,"score":328,"percentile":342},"2025-12-23",0.90524,{"date":344,"score":328,"percentile":345},"2025-12-24",0.90535,{"date":347,"score":328,"percentile":348},"2025-12-25",0.90545,{"date":350,"score":328,"percentile":351},"2025-12-26",0.90542,{"date":353,"score":354,"percentile":355},"2025-12-27",0.04116,0.88309,{"date":357,"score":328,"percentile":358},"2025-12-28",0.90538,{"date":360,"score":202,"percentile":361},"2025-12-29",0.90408,{"date":363,"score":202,"percentile":364},"2025-12-30",0.90414,{"date":366,"score":202,"percentile":367},"2025-12-31",0.90424,{"date":369,"score":279,"percentile":370},"2026-01-01",0.85349,{"date":372,"score":279,"percentile":370},"2026-01-02",{"date":374,"score":279,"percentile":375},"2026-01-03",0.85346,{"date":377,"score":202,"percentile":367},"2026-01-04",{"date":379,"score":202,"percentile":380},"2026-01-05",0.90421,{"date":382,"score":202,"percentile":383},"2026-01-06",0.90423,{"date":385,"score":202,"percentile":386},"2026-01-07",0.90426,{"date":388,"score":202,"percentile":389},"2026-01-08",0.9043,{"date":391,"score":202,"percentile":389},"2026-01-09",{"date":393,"score":202,"percentile":394},"2026-01-10",0.90432,{"date":396,"score":202,"percentile":397},"2026-01-11",0.90425,{"date":399,"score":202,"percentile":386},"2026-01-12",{"date":401,"score":202,"percentile":383},"2026-01-13",{"date":403,"score":202,"percentile":404},"2026-01-14",0.90437,{"date":406,"score":202,"percentile":407},"2026-01-15",0.90441,{"date":409,"score":202,"percentile":410},"2026-01-16",0.90444,{"date":412,"score":202,"percentile":413},"2026-01-17",0.90442,{"date":415,"score":202,"percentile":410},"2026-01-18",{"date":417,"score":202,"percentile":410},"2026-01-19",{"date":419,"score":202,"percentile":420},"2026-01-20",0.90445,{"date":422,"score":202,"percentile":423},"2026-01-21",0.90447,{"date":425,"score":202,"percentile":426},"2026-01-22",0.90449,{"date":428,"score":202,"percentile":429},"2026-01-23",0.90458,{"date":431,"score":202,"percentile":432},"2026-01-24",0.90465,{"date":434,"score":202,"percentile":435},"2026-01-25",0.90466,{"date":437,"score":202,"percentile":438},"2026-01-26",0.90468,{"date":440,"score":202,"percentile":441},"2026-01-27",0.90471,{"date":443,"score":202,"percentile":444},"2026-01-28",0.90477,{"date":446,"score":202,"percentile":447},"2026-01-29",0.90476,{"date":449,"score":202,"percentile":450},"2026-01-30",0.90475,{"date":452,"score":202,"percentile":453},"2026-01-31",0.90486,{"date":455,"score":279,"percentile":456},"2026-02-01",0.85393,[458,468,470,472],{"source":97,"cvss_v2_0":459,"cvss_v3_0":464,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":460,"baseSeverity":9,"vectorString":461,"impactScore":462,"exploitabilityScore":463},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":95,"baseSeverity":465,"vectorString":98,"impactScore":466,"exploitabilityScore":467},"MEDIUM",4.5,7.2,{"source":104,"cvss_v2_0":9,"cvss_v3_0":469,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":95,"baseSeverity":9,"vectorString":98,"impactScore":466,"exploitabilityScore":467},{"source":105,"cvss_v2_0":9,"cvss_v3_0":471,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":95,"baseSeverity":9,"vectorString":98,"impactScore":466,"exploitabilityScore":467},{"source":106,"cvss_v2_0":9,"cvss_v3_0":473,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":95,"baseSeverity":9,"vectorString":98,"impactScore":466,"exploitabilityScore":467},[475,494,500,504,514,522,529,532,538],{"ecosystem":476,"name":477,"vendor":478,"product":479,"cpe_part":9,"purl_type":480,"purl_namespace":478,"purl_name":479,"source":9,"versions":481},"Packagist","twbs/bootstrap","twbs","bootstrap","composer",[482,490],{"version":483,"is_range":484,"range_type":485,"version_start":486,"version_start_type":487,"version_end":488,"version_end_type":489,"fixed_in":9},"gte2_0_4_lt3_4_0",true,"ecosystem","2.0.4","including","3.4.0","excluding",{"version":491,"is_range":484,"range_type":485,"version_start":492,"version_start_type":487,"version_end":493,"version_end_type":489,"fixed_in":9},"gte4_0_0_beta_lt4_0_0_beta_2","4.0.0-beta","4.0.0-beta.2",{"ecosystem":495,"name":479,"vendor":495,"product":479,"cpe_part":9,"purl_type":496,"purl_namespace":9,"purl_name":479,"source":9,"versions":497},"RubyGems","gem",[498],{"version":499,"is_range":484,"range_type":485,"version_start":9,"version_start_type":9,"version_end":493,"version_end_type":489,"fixed_in":9},"lt4_0_0_beta_2",{"ecosystem":495,"name":501,"vendor":495,"product":501,"cpe_part":9,"purl_type":496,"purl_namespace":9,"purl_name":501,"source":9,"versions":502},"bootstrap-sass",[503],{"version":483,"is_range":484,"range_type":485,"version_start":486,"version_start_type":487,"version_end":488,"version_end_type":489,"fixed_in":9},{"ecosystem":9,"name":479,"vendor":505,"product":479,"cpe_part":506,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":507},"getbootstrap","a",[508,512],{"version":509,"is_range":484,"range_type":510,"version_start":511,"version_start_type":487,"version_end":488,"version_end_type":489,"fixed_in":9},"gte3.0.0_lt3.4.0","cpe","3.0.0",{"version":513,"is_range":52,"range_type":510,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0.0:beta",{"ecosystem":515,"name":516,"vendor":517,"product":479,"cpe_part":9,"purl_type":518,"purl_namespace":517,"purl_name":479,"source":9,"versions":519},"Maven","org.webjars:bootstrap","org.webjars","maven",[520,521],{"version":483,"is_range":484,"range_type":485,"version_start":486,"version_start_type":487,"version_end":488,"version_end_type":489,"fixed_in":9},{"version":491,"is_range":484,"range_type":485,"version_start":492,"version_start_type":487,"version_end":493,"version_end_type":489,"fixed_in":9},{"ecosystem":523,"name":479,"vendor":523,"product":479,"cpe_part":9,"purl_type":524,"purl_namespace":9,"purl_name":479,"source":9,"versions":525},"Npm","npm",[526,528],{"version":483,"is_range":484,"range_type":527,"version_start":486,"version_start_type":487,"version_end":488,"version_end_type":489,"fixed_in":9},"semver",{"version":491,"is_range":484,"range_type":527,"version_start":492,"version_start_type":487,"version_end":493,"version_end_type":489,"fixed_in":9},{"ecosystem":523,"name":501,"vendor":523,"product":501,"cpe_part":9,"purl_type":524,"purl_namespace":9,"purl_name":501,"source":9,"versions":530},[531],{"version":483,"is_range":484,"range_type":527,"version_start":486,"version_start_type":487,"version_end":488,"version_end_type":489,"fixed_in":9},{"ecosystem":533,"name":479,"vendor":533,"product":479,"cpe_part":9,"purl_type":534,"purl_namespace":9,"purl_name":479,"source":9,"versions":535},"NuGet","nuget",[536,537],{"version":483,"is_range":484,"range_type":485,"version_start":486,"version_start_type":487,"version_end":488,"version_end_type":489,"fixed_in":9},{"version":491,"is_range":484,"range_type":485,"version_start":492,"version_start_type":487,"version_end":493,"version_end_type":489,"fixed_in":9},{"ecosystem":533,"name":539,"vendor":533,"product":539,"cpe_part":9,"purl_type":534,"purl_namespace":9,"purl_name":539,"source":9,"versions":540},"bootstrap.sass",[541],{"version":491,"is_range":484,"range_type":485,"version_start":492,"version_start_type":487,"version_end":493,"version_end_type":489,"fixed_in":9}]