CVE-2016-10735

Name: CVE-2016-10735
Creator: NVD / NIST
Published: 2019-01-09T05:29:00.883+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.04%

Last modified Jun 17, 2026

CVE-2016-10735 is a vulnerability of currently unknown severity. In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.. EPSS estimates a 4.04% chance of exploitation in the next 30 days.

Description

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

Metrics

EPSS Probability

4.04%

89.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions	Update
Getbootstrap	Bootstrap	>= 3.0.0, < 3.4.0	—
Getbootstrap	Bootstrap	4.0.0	Beta

References

https://access.redhat.com/errata/RHBA-2019:1076
https://access.redhat.com/errata/RHBA-2019:1570
https://access.redhat.com/errata/RHSA-2019:1456
https://access.redhat.com/errata/RHSA-2019:3023
https://access.redhat.com/errata/RHSA-2020:0132
https://access.redhat.com/errata/RHSA-2020:0133
https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/Release Notes, Third Party Advisory
https://github.com/twbs/bootstrap/issues/20184Exploit, Issue Tracking, Third Party Advisory
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906Issue Tracking, Third Party Advisory
https://github.com/twbs/bootstrap/pull/23679Third Party Advisory
https://github.com/twbs/bootstrap/pull/23687Patch, Third Party Advisory
https://github.com/twbs/bootstrap/pull/26460Third Party Advisory
https://www.tenable.com/security/tns-2021-14
https://access.redhat.com/errata/RHBA-2019:1076
https://access.redhat.com/errata/RHBA-2019:1570
https://access.redhat.com/errata/RHSA-2019:1456
https://access.redhat.com/errata/RHSA-2019:3023
https://access.redhat.com/errata/RHSA-2020:0132
https://access.redhat.com/errata/RHSA-2020:0133
https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/Release Notes, Third Party Advisory
https://github.com/twbs/bootstrap/issues/20184Exploit, Issue Tracking, Third Party Advisory
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906Issue Tracking, Third Party Advisory
https://github.com/twbs/bootstrap/pull/23679Third Party Advisory
https://github.com/twbs/bootstrap/pull/23687Patch, Third Party Advisory
https://github.com/twbs/bootstrap/pull/26460Third Party Advisory
https://www.tenable.com/security/tns-2021-14

Timeline

Published: Jan 9, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-10735?

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

How severe is CVE-2016-10735?

Severity scoring for CVE-2016-10735 is pending analysis. The EPSS model estimates a 4.04% probability of exploitation in the next 30 days.

How do I fix CVE-2016-10735?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-10735?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST