Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2017-0178
Published:May 19, 2026
Updated:May 19, 2026
Affected versions of the package are vulnerable to Cross-site Scripting (XSS).
Affected Packages
r-makefiler (CONDA):
Affected version(s) =1.0
Fix Suggestion:
Update to version no_fix
oncogemini (CONDA):
Affected version(s) >=0.1.0 <=1.0.0
Fix Suggestion:
Update to version no_fix
quast (CONDA):
Affected version(s) >=3.2 <=5.3.0
Fix Suggestion:
Update to version no_fix
r-venn (CONDA):
Affected version(s) >=1.2 <1.8
Fix Suggestion:
Update to version 1.8
targqc (CONDA):
Affected version(s) =1.8.1
Fix Suggestion:
Update to version no_fix
r-ramcharts (CONDA):
Affected version(s) =2.1.13 <2.1.15
Fix Suggestion:
Update to version 2.1.15
gemini (CONDA):
Affected version(s) >=0.17.3dev0 <=0.30.2
Fix Suggestion:
Update to version no_fix
flower (CONDA):
Affected version(s) >=0.8.3 <2.0.0
Fix Suggestion:
Update to version 2.0.0
bootstrap (NPM):
Affected version(s) >=0.0.1 <3.1.1
Fix Suggestion:
Update to version 3.1.1
bootstraptwitter (NUGET):
Affected version(s) >=1.4.0 <2.1.0
Fix Suggestion:
Update to version 2.1.0
maoyuanmvckendojslib (NUGET):
Affected version(s) =1.0.1
Fix Suggestion:
Update to version no_fix
twitterbootstrapmvc3template (NUGET):
Affected version(s) >=1.0.0 <1.0.4
Fix Suggestion:
Update to version 1.0.4
twitter.bootstrap (NUGET):
Affected version(s) =1.3.0 <1.4.0
Fix Suggestion:
Update to version 1.4.0
twitter.bootstrap (NUGET):
Affected version(s) >=2.0.4 <2.1.0
Fix Suggestion:
Update to version 2.1.0
bootstrap (NUGET):
Affected version(s) =1.0.0 <2.3.1
Fix Suggestion:
Update to version 2.3.1
grazewp7 (NUGET):
Affected version(s) >=1.0.0 <=3.0.0
Fix Suggestion:
Update to version no_fix
scaffr (NUGET):
Affected version(s) =1.1.0 <1.1.1
Fix Suggestion:
Update to version 1.1.1
bootstraptwitter (NUGET):
Affected version(s) =2.4.0 <3.0.0
Fix Suggestion:
Update to version 3.0.0
mvcforum (NUGET):
Affected version(s) >=0.8.5.1 <1.0.0.1
Fix Suggestion:
Update to version 1.0.0.1
xsockets.tutorials (NUGET):
Affected version(s) >=0.6.0 <=0.9.2
Fix Suggestion:
Update to version no_fix
silverstripe/deploynaut (PHP):
Affected version(s) >=1.0.1 <dev-cleanup5
Fix Suggestion:
Update to version dev-cleanup5
metabor/start-app (PHP):
Affected version(s) =dev-MopaBootstrapBundle <dev-master
Fix Suggestion:
Update to version dev-master
themelogy/carwash-theme (PHP):
Affected version(s) =1.0.2
Fix Suggestion:
Update to version no_fix
kylekatarnls/jade-php (PHP):
Affected version(s) =dev-master <1.1
Fix Suggestion:
Update to version 1.1
titledk/cloudy (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
carlosio/jenkins (PHP):
Affected version(s) =1.0.0 <1.1.0
Fix Suggestion:
Update to version 1.1.0
pug-php/pug (PHP):
Affected version(s) =2.1.2 <2.1.3
Fix Suggestion:
Update to version 2.1.3
sitegeist/nomenclator (PHP):
Affected version(s) =dev-feature/frontendAndStyle <dev-master
Fix Suggestion:
Update to version dev-master
pug-php/pug (PHP):
Affected version(s) >=3.0.0-alpha6 <3.0.0
Fix Suggestion:
Update to version 3.0.0
pablodip/admin-module-bundle (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) =dev-enable-php-8-test
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) =3.0.0-alpha2 <3.0.0-alpha3
Fix Suggestion:
Update to version 3.0.0-alpha3
jlaso/tradukoj (PHP):
Affected version(s) >=dev-feature/dockerizing <1.1
Fix Suggestion:
Update to version 1.1
zoomyboy/scoutnet-api (PHP):
Affected version(s) >=dev-master <=0.2.0
Fix Suggestion:
Update to version no_fix
purezero/module_bootstrap (PHP):
Affected version(s) =2.3.1.x-dev <2.3.2.x-dev
Fix Suggestion:
Update to version 2.3.2.x-dev
yetiforce/yetiforce-crm (PHP):
Affected version(s) =4.3.0 <dev-dependabot/composer/developer/sabre/dav-4.3.0
Fix Suggestion:
Update to version dev-dependabot/composer/developer/sabre/dav-4.3.0
rozdol/bi-assets (PHP):
Affected version(s) >=v1.0.5 <=v1.0.17
Fix Suggestion:
Update to version no_fix
paella/twitter-bootstrap-bundle (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) >=1.11.1 <1.11.3
Fix Suggestion:
Update to version 1.11.3
phraseanet/phraseanet (PHP):
Affected version(s) >=3.7.0 <3.8.0
Fix Suggestion:
Update to version 3.8.0
cupcakephp/cupcakephp (PHP):
Affected version(s) =0.2.x-dev
Fix Suggestion:
Update to version no_fix
optime/jangomail (PHP):
Affected version(s) =dev-master <v1.0
Fix Suggestion:
Update to version v1.0
jeromeschneider/baikal (PHP):
Affected version(s) >=0.2.5 <0.5.1
Fix Suggestion:
Update to version 0.5.1
mopa/symfony-framework-bootstrap-edition (PHP):
Affected version(s) =2.1.x-dev <v2.1.0
Fix Suggestion:
Update to version v2.1.0
pug-php/pug (PHP):
Affected version(s) =2.7.2 <2.7.3
Fix Suggestion:
Update to version 2.7.3
rozdol/bi-assets (PHP):
Affected version(s) >=dev-master <v1.0.3
Fix Suggestion:
Update to version v1.0.3
ronan-gloo/jadephp (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
typo3/twitter-bootstrap (PHP):
Affected version(s) =dev-task/flow-9.0-compat
Fix Suggestion:
Update to version no_fix
kylekatarnls/jade-php (PHP):
Affected version(s) =dev-version-2.next <2.0.1
Fix Suggestion:
Update to version 2.0.1
neos/twitter-bootstrap (PHP):
Affected version(s) =2.1.x-dev <2.2.0
Fix Suggestion:
Update to version 2.2.0
kylekatarnls/jade-php (PHP):
Affected version(s) >=3.3.0 <=3.3.1
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) =2.7.0 <2.7.1
Fix Suggestion:
Update to version 2.7.1
torann/skosh (PHP):
Affected version(s) =dev-master <0.2.0
Fix Suggestion:
Update to version 0.2.0
fightmaster/fightmaster-bootstrap-bundle (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
irmnet/auth (PHP):
Affected version(s) =1.0.20
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) >=1.1.1 <1.4.0
Fix Suggestion:
Update to version 1.4.0
yetiforce/yetiforce-crm (PHP):
Affected version(s) =4.1.0 <dev-dependabot/composer/developer/smarty/smarty-4.1.0
Fix Suggestion:
Update to version dev-dependabot/composer/developer/smarty/smarty-4.1.0
mopa/symfony-framework-bootstrap-edition (PHP):
Affected version(s) =dev-master <v2.0.0BETA1
Fix Suggestion:
Update to version v2.0.0BETA1
bertrandom/flickrclient (PHP):
Affected version(s) =dev-demo <dev-master
Fix Suggestion:
Update to version dev-master
acosf/archersys (PHP):
Affected version(s) >=dev-hdddwinstudent <1.0
Fix Suggestion:
Update to version 1.0
neos/twitter-bootstrap (PHP):
Affected version(s) =2.0.x-dev <2.0.1
Fix Suggestion:
Update to version 2.0.1
pug-php/pug (PHP):
Affected version(s) >=1.5.0 <1.8.0-rc1
Fix Suggestion:
Update to version 1.8.0-rc1
skcms/admin-bundle (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) =2.3.0 <2.4.0
Fix Suggestion:
Update to version 2.4.0
neos/twitter-bootstrap (PHP):
Affected version(s) =dev-task/flow-9.0-compat
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) =2.2.0 <2.2.1
Fix Suggestion:
Update to version 2.2.1
farazdagi/phrozn (PHP):
Affected version(s) >=0.5.6 <=1.0.x-dev
Fix Suggestion:
Update to version no_fix
venu/sf2-blog (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
wxr/common-bundle (PHP):
Affected version(s) >=dev-master <=v2.1.0
Fix Suggestion:
Update to version no_fix
silverstripe-themes/module_bootstrap (PHP):
Affected version(s) =dev-ssexpress <ssexpress-0.1.0
Fix Suggestion:
Update to version ssexpress-0.1.0
skeeks/yii2-template-unify (PHP):
Affected version(s) >=dev-master <=1.9.1
Fix Suggestion:
Update to version no_fix
intelogie/sipml5 (PHP):
Affected version(s) =dev-master <1.0.0
Fix Suggestion:
Update to version 1.0.0
pug-php/pug (PHP):
Affected version(s) >=dev-feature/php-update <dev-test/add-alternative-versions
Fix Suggestion:
Update to version dev-test/add-alternative-versions
halleck45/behat-wizard-bundle (PHP):
Affected version(s) =v0.2
Fix Suggestion:
Update to version no_fix
jabapoint/cobra (PHP):
Affected version(s) >=dev-master <=0.7
Fix Suggestion:
Update to version no_fix
typo3/twitter-bootstrap (PHP):
Affected version(s) =3.0.8 <dev-flow_7
Fix Suggestion:
Update to version dev-flow_7
pug-php/pug (PHP):
Affected version(s) =1.12.1 <1.12.2
Fix Suggestion:
Update to version 1.12.2
typo3/twitter-bootstrap (PHP):
Affected version(s) >=dev-main <historic-1.0.0-alpha5
Fix Suggestion:
Update to version historic-1.0.0-alpha5
tungphan/yii-demo (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
irmnet/ti (PHP):
Affected version(s) >=1.0.4 <10
Fix Suggestion:
Update to version 10
silverstripe-themes/module_bootstrap (PHP):
Affected version(s) =2.3.1.x-dev <2.3.2.x-dev
Fix Suggestion:
Update to version 2.3.2.x-dev
pug-php/pug (PHP):
Affected version(s) >=2.7.4 <3.0.0-RC2
Fix Suggestion:
Update to version 3.0.0-RC2
kylekatarnls/jade-php (PHP):
Affected version(s) =2.7.x-dev <2.7.1
Fix Suggestion:
Update to version 2.7.1
wollnerstudios/assetpipeline (PHP):
Affected version(s) >=1.0.3 <=1.0.31
Fix Suggestion:
Update to version no_fix
8bit-echo/sage (PHP):
Affected version(s) =4.1.0 <dev-dependabot/npm_and_yarn/lodash-4.17.21
Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/lodash-4.17.21
mparaiso/aclserviceprovider (PHP):
Affected version(s) =dev-silex <0.0.1
Fix Suggestion:
Update to version 0.0.1
pug-php/pug (PHP):
Affected version(s) >=3.1.2 <3.1.4
Fix Suggestion:
Update to version 3.1.4
neos/twitter-bootstrap (PHP):
Affected version(s) =2.2.x-dev <3.0.0
Fix Suggestion:
Update to version 3.0.0
sansis/basebundle (PHP):
Affected version(s) >=dev-master <=v1.0.0
Fix Suggestion:
Update to version no_fix
pug-php/pug (PHP):
Affected version(s) >=2.0.3 <2.1.0
Fix Suggestion:
Update to version 2.1.0
mopa/symfony-framework-bootstrap-edition (PHP):
Affected version(s) >=2.2.x-dev <=2.3.x-dev
Fix Suggestion:
Update to version no_fix
tinindja/microweber-for-laravel-5.8 (PHP):
Affected version(s) >=microweber-0.750 <0.931
Fix Suggestion:
Update to version 0.931
skeeks/yii2-template-smarty (PHP):
Affected version(s) =dev-master <1.0.0
Fix Suggestion:
Update to version 1.0.0
pug-php/pug (PHP):
Affected version(s) =2.4.9 <2.5.0
Fix Suggestion:
Update to version 2.5.0
purezero/module_bootstrap (PHP):
Affected version(s) =dev-ssexpress <ssexpress-0.1.0
Fix Suggestion:
Update to version ssexpress-0.1.0
pug-php/pug (PHP):
Affected version(s) >=3.2.0 <dev-analysis-BowKr6
Fix Suggestion:
Update to version dev-analysis-BowKr6
purezero/module_bootstrap (PHP):
Affected version(s) >=dev-breadcrumb <dev-master
Fix Suggestion:
Update to version dev-master
silverstripe/deploynaut (PHP):
Affected version(s) =1.x-dev <dev-p1-issue
Fix Suggestion:
Update to version dev-p1-issue
chj/laravel (PHP):
Affected version(s) >=dev-develop <chj-v1.0
Fix Suggestion:
Update to version chj-v1.0
pug-php/pug (PHP):
Affected version(s) =2.5.9 <2.6.0
Fix Suggestion:
Update to version 2.6.0
pawka/phrozn (PHP):
Affected version(s) >=0.5.6 <=1.0.x-dev
Fix Suggestion:
Update to version no_fix
wollnerstudios/assetpipeline (PHP):
Affected version(s) =dev-master <1.0.0
Fix Suggestion:
Update to version 1.0.0
neos/twitter-bootstrap (PHP):
Affected version(s) =1.0.x-dev <1.0.1
Fix Suggestion:
Update to version 1.0.1
pug-php/pug (PHP):
Affected version(s) =2.6.4 <2.6.5
Fix Suggestion:
Update to version 2.6.5
pug-php/pug (PHP):
Affected version(s) >=2.4.1 <2.4.5
Fix Suggestion:
Update to version 2.4.5
typo3/twitter-bootstrap (PHP):
Affected version(s) >=1.0.0 <3.0.5
Fix Suggestion:
Update to version 3.0.5
mukulu/admin-bundle (PHP):
Affected version(s) =dev-bootstrap2
Fix Suggestion:
Update to version no_fix
tinindja/microweber-for-laravel-5.8 (PHP):
Affected version(s) >=oop-preview <0.9.5.x-dev
Fix Suggestion:
Update to version 0.9.5.x-dev
pug-php/pug (PHP):
Affected version(s) >=1.10.3 <1.11.0
Fix Suggestion:
Update to version 1.11.0
pug-php/pug (PHP):
Affected version(s) >=1.8.1 <1.10.1
Fix Suggestion:
Update to version 1.10.1
pug-php/pug (PHP):
Affected version(s) >=2.5.2 <2.5.5
Fix Suggestion:
Update to version 2.5.5
yetiforce/yetiforce-crm (PHP):
Affected version(s) =4.0.0 <dev-dependabot/composer/developer/smarty/smarty-4.0.0
Fix Suggestion:
Update to version dev-dependabot/composer/developer/smarty/smarty-4.0.0
yetiforce/yetiforce-crm (PHP):
Affected version(s) =4.2.0 <dev-dependabot/composer/developer/smarty/smarty-4.2.0
Fix Suggestion:
Update to version dev-dependabot/composer/developer/smarty/smarty-4.2.0
optime/jangomail (PHP):
Affected version(s) >=v1.1 <=v2.0
Fix Suggestion:
Update to version no_fix
neos/twitter-bootstrap (PHP):
Affected version(s) >=dev-main <historic-1.0.0-alpha5
Fix Suggestion:
Update to version historic-1.0.0-alpha5
jsmarion/yii2-unify-template (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
silverstripe-themes/module_bootstrap (PHP):
Affected version(s) >=dev-breadcrumb <dev-master
Fix Suggestion:
Update to version dev-master
radutopala/phpbeanstalkdadmin (PHP):
Affected version(s) =dev-master
Fix Suggestion:
Update to version no_fix
themelogy/carwash-theme (PHP):
Affected version(s) >=dev-master <1.0.1
Fix Suggestion:
Update to version 1.0.1
neos/twitter-bootstrap (PHP):
Affected version(s) =3.0.8 <dev-flow_7
Fix Suggestion:
Update to version dev-flow_7
torann/skosh (PHP):
Affected version(s) =0.3.0
Fix Suggestion:
Update to version no_fix
silverstripe/deploynaut (PHP):
Affected version(s) =0.9.x-dev <1.0.0
Fix Suggestion:
Update to version 1.0.0
kylekatarnls/jade-php (PHP):
Affected version(s) =2.7.5 <3.0.0-RC1
Fix Suggestion:
Update to version 3.0.0-RC1
irmnet/ti (PHP):
Affected version(s) =dev-master <0.0.0
Fix Suggestion:
Update to version 0.0.0
flower (PYTHON):
Affected version(s) >=0.8.3 <2.0.0
Fix Suggestion:
Update to version 2.0.0
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE