Cross-site Scripting (XSS) in bea-stax | CVE-2016-10735

Q: How to fix?

Upgrade Rocky-Linux:8 bea-stax to version 0:1.2.0-16.module+el8.3.0+53+ea062990 or higher. This issue was patched in RLSA-2020:4847 .

Threat Intelligence

Not Defined

0.13% (50^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Cross-site Scripting (XSS) vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-ROCKY8-BEASTAX-3219831
published5 Jan 2023
disclosed9 Jan 2019

Report a new vulnerability Found a mistake?

Introduced: 9 Jan 2019

CVE-2016-10735 (opens in a new tab) CWE-79 (opens in a new tab)

How to fix?

Upgrade Rocky-Linux:8 bea-stax to version 0:1.2.0-16.module+el8.3.0+53+ea062990 or higher.
This issue was patched in RLSA-2020:4847.

NVD Description

Note: Versions mentioned in the description apply only to the upstream bea-stax package and not the bea-stax package as distributed by Rocky-Linux. See How to fix? for Rocky-Linux:8 relevant fixed versions and status.

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

Cross-site Scripting (XSS) Affecting bea-stax package, versions <0:1.2.0-16.module+el8.3.0+53+ea062990

Severity