taoteh1221 / open_crypto_tracker

Bitcoin / Alts private portfolio tracker, with email / text / alexa / telegram price alerts, charts, leverage support and much more.

Home Page: https://taoteh1221.github.io

License: GNU General Public License v3.0

PHP 65.31% CSS 2.52% JavaScript 24.62% Shell 6.30% Less 0.76% Batchfile 0.15% SCSS 0.34%
crypto bitcoin portfolio ethereum solana cryptocurrency investing btc eth sol

open_crypto_tracker's People

Contributors

dependabot[bot], mend-bolt-for-github[bot], taoteh1221


open_crypto_tracker's Issues

Visual or Audio Alerts setting tweak

As of now we have the following setting in this section:
Visual or Audio Alerts For Price Changes: Yes/No coingecko.com +5% 1hr/24hrs/7days visual/audio-visual
So, can this +5% be split into something like this:
+/-/± 5%
I mean to say, if this value is split into two different drop-down menus, with one menu containing +, - and ± as the sign and the other menu with the value, then we can have a more precise data observation, and with the ± option we can have both +ve and -ve values in the Portfolio with their respective colour code.

Request for including two small changes in the UI

I would like to request to include two small modifications in the UI

  1. It would be good if almost all the tabs in the UI can be toggled from the main settings so that one can control the presence of the tabs in the app.
    Screenshot_2020-08-28 DFD Cryptocoin Values - Portfolio Tracker(1)
  2. It would be nice if the values or the entry present between the Setting and the theme are visible to the admin of the app.

Email push feature for updates.

As of now we receive email alerts for price changes in the different exchanges, but we don't receive any mails for the new version of the DFD application. It would be great if we get an email notification pushed by DFD directly to our inbox; this can help us to know when a new package is available for upgrade.

CVE-2019-8331 (Medium) detected in bootstrap-3.3.4.min.js - autoclosed

CVE-2019-8331 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.4.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js

Path to vulnerable library: /app-lib/php/classes/3rd-party/google-api/vendor/phpunit/php-code-coverage/src/CodeCoverage/Report/HTML/Renderer/Template/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.3.4.min.js (Vulnerable Library)

Found in HEAD commit: 3e2ad735aa3953c32ce3836b20506bd976935c0c

Found in base branch: main

Vulnerability Details

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Publish Date: 2019-02-20

URL: CVE-2019-8331

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#28236

Release Date: 2019-02-20

Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1


Step up your Open Source Security Game with WhiteSource here

CVE-2015-9251 (Medium) detected in jquery-1.11.3.min.js - autoclosed

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.11.3.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/jquery.min.js

Path to vulnerable library: /app-lib/php/classes/3rd-party/google-api/vendor/phpunit/php-code-coverage/src/CodeCoverage/Report/HTML/Renderer/Template/js/jquery.min.js

Dependency Hierarchy:

  • jquery-1.11.3.min.js (Vulnerable Library)

Found in HEAD commit: 3e2ad735aa3953c32ce3836b20506bd976935c0c

Found in base branch: main

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0



CVE-2018-14040 (Medium) detected in bootstrap-3.3.4.min.js - autoclosed

CVE-2018-14040 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.4.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js

Path to vulnerable library: /app-lib/php/classes/3rd-party/google-api/vendor/phpunit/php-code-coverage/src/CodeCoverage/Report/HTML/Renderer/Template/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.3.4.min.js (Vulnerable Library)

Found in HEAD commit: 3e2ad735aa3953c32ce3836b20506bd976935c0c

Found in base branch: main

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Publish Date: 2018-07-13

URL: CVE-2018-14040

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#26630

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0



CVE-2020-11023 (Medium) detected in jquery-1.11.3.min.js - autoclosed

CVE-2020-11023 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.11.3.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/jquery.min.js

Path to vulnerable library: /app-lib/php/classes/3rd-party/google-api/vendor/phpunit/php-code-coverage/src/CodeCoverage/Report/HTML/Renderer/Template/js/jquery.min.js

Dependency Hierarchy:

  • jquery-1.11.3.min.js (Vulnerable Library)

Found in HEAD commit: 3e2ad735aa3953c32ce3836b20506bd976935c0c

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0



CVE-2018-20676 (Medium) detected in bootstrap-3.3.4.min.js - autoclosed

CVE-2018-20676 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.4.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js

Path to vulnerable library: /app-lib/php/classes/3rd-party/google-api/vendor/phpunit/php-code-coverage/src/CodeCoverage/Report/HTML/Renderer/Template/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.3.4.min.js (Vulnerable Library)

Found in HEAD commit: 3e2ad735aa3953c32ce3836b20506bd976935c0c

Found in base branch: main

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

Publish Date: 2019-01-09

URL: CVE-2018-20676

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676

Release Date: 2019-01-09

Fix Resolution: bootstrap - 3.4.0



It would be nice if we have a page for market

It would be great if we have a separate page for market that would list the top 100 or 200 coins in one page with the following type of details:

Choose your market source: Coingecko.com / Coinmarketcap.com
Changes in the market
Ranking | Coin / Token | Global Average value | 1 hrs | 24 hrs | 7 days | 14 days | 30 days | 200 days | 1 year
1 | Bitcoin |  |  |  |  |  |  |  |
2 | Ethereum |  |  |  |  |  |  |  |

We already have the API calls to both the markets and we are just required to accommodate those values in a separate page; this will give a good overview of the crypto market at one place.

CVE-2021-32708 (High) detected in league/flysystem-1.0.55

CVE-2021-32708 - High Severity Vulnerability

Vulnerable Library - league/flysystem-1.0.55

Abstraction for local and remote filesystems

Dependency Hierarchy:

  • cache/filesystem-adapter-0.3.3 (Root Library)
    • league/flysystem-1.0.55 (Vulnerable Library)

Found in HEAD commit: c1b5f582bf2a5c1410973b10b0b612657a9df5f2

Found in base branch: main

Vulnerability Details

Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname is checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.

Publish Date: 2021-06-24

URL: CVE-2021-32708

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-9f46-5r25-5wfm

Release Date: 2021-06-24

Fix Resolution: 1.1.4,2.1.1



Please include unocoin API in the tracker

I have not found any single API that makes all the information available from the Unocoin site. I found documentation at the following link: https://www.unocoin.com/in/support/api-documentation
In my investigation, I found two different URL structures:
https://api.unocoin.com/api/exchange/pairs (this lists all the listed coins in the exchange.)
https://api.unocoin.com/api/exchange/prices/INR/BAT (this provides the details of BAT in INR value in the exchange)
Please have a look at the documentation and try to incorporate it in the tracker.

CVE-2019-11358 (Medium) detected in jquery-1.11.3.min.js - autoclosed

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.11.3.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/jquery.min.js

Path to vulnerable library: /app-lib/php/classes/3rd-party/google-api/vendor/phpunit/php-code-coverage/src/CodeCoverage/Report/HTML/Renderer/Template/js/jquery.min.js

Dependency Hierarchy:

  • jquery-1.11.3.min.js (Vulnerable Library)

Found in HEAD commit: 3e2ad735aa3953c32ce3836b20506bd976935c0c

Found in base branch: main

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0



CVE-2021-32708 (High) detected in league/flysystem-1.0.55 - autoclosed

CVE-2021-32708 - High Severity Vulnerability

Vulnerable Library - league/flysystem-1.0.55

Abstraction for local and remote filesystems

Dependency Hierarchy:

  • cache/filesystem-adapter-0.3.3 (Root Library)
    • league/flysystem-1.0.55 (Vulnerable Library)

Found in base branch: main

Vulnerability Details

Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname is checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.

Publish Date: 2021-06-24

URL: CVE-2021-32708

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-9f46-5r25-5wfm

Release Date: 2021-06-24

Fix Resolution: 1.1.4,2.1.1



CVE-2020-11022 (Medium) detected in jquery-1.11.3.min.js - autoclosed

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.11.3.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/jquery.min.js

Path to vulnerable library: /app-lib/php/classes/3rd-party/google-api/vendor/phpunit/php-code-coverage/src/CodeCoverage/Report/HTML/Renderer/Template/js/jquery.min.js

Dependency Hierarchy:

  • jquery-1.11.3.min.js (Vulnerable Library)

Found in HEAD commit: 3e2ad735aa3953c32ce3836b20506bd976935c0c

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0



v4.8.5 is not properly working

After upgrading to v4.8.5, the website broke in Firefox and it gives the following output.
Screenshot_2020-02-28 DFD Cryptocoin Values
whereas in Brave browser it works with no issue but it fails to render the chart.

CVE-2021-41116 (High) detected in composer/composer-1.10.22 - autoclosed

CVE-2021-41116 - High Severity Vulnerability

Vulnerable Library - composer/composer-1.10.22

Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere.

Library home page: https://api.github.com/repos/composer/composer/zipball/28c9dfbe2351635961f670773e8d7b17bc5eda25

Dependency Hierarchy:

  • dealerdirect/phpcodesniffer-composer-installer-v0.7.1 (Root Library)
    • composer/composer-1.10.22 (Vulnerable Library)

Found in HEAD commit: 646ba713891c3a8748f730afadfd39f8cf1b635d

Found in base branch: main

Vulnerability Details

Composer is an open source dependency manager for the PHP language. In affected versions Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue.

Publish Date: 2021-10-05

URL: CVE-2021-41116

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-frqg-7g38-6gcf

Release Date: 2021-10-05

Fix Resolution: 1.10.23, 2.1.9



Support for Mac / Docker

Thanks for this awesome OSS.

Are you planning to support Mac and Windows Operating Systems anytime soon?

CVE-2016-10735 (Medium) detected in bootstrap-3.3.4.min.js - autoclosed

CVE-2016-10735 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.4.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js

Path to vulnerable library: /app-lib/php/classes/3rd-party/google-api/vendor/phpunit/php-code-coverage/src/CodeCoverage/Report/HTML/Renderer/Template/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.3.4.min.js (Vulnerable Library)

Found in HEAD commit: 3e2ad735aa3953c32ce3836b20506bd976935c0c

Found in base branch: main

Vulnerability Details

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

Publish Date: 2019-01-09

URL: CVE-2016-10735

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#20184

Release Date: 2019-01-09

Fix Resolution: 3.4.0



Request for telegram support

I wish to get the update on my mobile and I was thinking if these updates can be pushed to mobile via telegram then it can be great.

Facing issue with few coin pairs

I tried to add a few coins in this app; most of the coins are working normally, but a few coins are showing an error as shown below:
[2021-10-12 19:30:06] cron => market: oct_asset->charts_price_alerts() - No INR conversion value (INR pairing) for "uni-7";
[2021-10-12 19:30:09] cron => market: oct_asset->charts_price_alerts() - No INR conversion value (INR pairing) for "bnb-2";
[2021-10-12 19:30:11] cron => market: oct_asset->charts_price_alerts() - No INR conversion value (INR pairing) for "ufii";
[2021-10-12 19:30:11] cron => market: oct_asset->charts_price_alerts() - No INR conversion value (INR pairing) for "ufii-2";
[2021-10-12 19:30:15] cron => market: oct_asset->charts_price_alerts() - No INR conversion value (INR pairing) for "aave";
[2021-10-12 19:30:15] cron => market: oct_asset->charts_price_alerts() - No INR conversion value (INR pairing) for "aave-2";
I am attaching my config file over here; please have a look at the configuration and please suggest any corrections in the configuration settings.
config.php.zip

CVE-2018-20677 (Medium) detected in bootstrap-3.3.4.min.js - autoclosed

CVE-2018-20677 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.4.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js

Path to vulnerable library: /app-lib/php/classes/3rd-party/google-api/vendor/phpunit/php-code-coverage/src/CodeCoverage/Report/HTML/Renderer/Template/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.3.4.min.js (Vulnerable Library)

Found in HEAD commit: 3e2ad735aa3953c32ce3836b20506bd976935c0c

Found in base branch: main

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Publish Date: 2019-01-09

URL: CVE-2018-20677

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677

Release Date: 2019-01-09

Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0



Support for Pretty links

As of now, the URLs used to show index.php in the URLs which does not look good, so implementing Pretty links can remove the unwanted .PHP part from the URL.

Allow cronjobs to be executed using external servers

I have noticed my host is causing trouble with the cronjobs setting, they always reset the values to null, so I was thinking if this application has the capability to run the cronjob from an external server.

CGI program sent malformed or too big (>16384 bytes) HTTP headers

Downloaded Open_Crypto_Tracker-v6.00.18-linux-desktop.7z
Unzipped folder to home directory
In terminal, cd ~/Open_Crypto_Tracker-linux-desktop/
./RUN_CRYPTO_TRACKER

This seems to run OK with only INFO: listings until 17 of these appeared:
[0530/201449.311120:WARNING:browser_main_loop.cc(280)] Gtk: Unable to locate theme engine in module_path: "murrine",

Then a few more INFO lines, then:

[0530/201605.309034:WARNING:x11_util.cc(1426)] X error received: serial 331, error_code 3 (BadWindow (invalid Window parameter)), request_code 4, minor_code 0 (X_DestroyWindow)
[0530/201610.439988:WARNING:x11_util.cc(1426)] X error received: serial 148, error_code 3 (BadWindow (invalid Window parameter)), request_code 4, minor_code 0 (X_DestroyWindow)
[0530/202502.875804:WARNING:x11_util.cc(1426)] X error received: serial 363, error_code 3 (BadWindow (invalid Window parameter)), request_code 4, minor_code 0 (X_DestroyWindow)
[0530/202505.392221:WARNING:x11_util.cc(1426)] X error received: serial 289, error_code 3 (BadWindow (invalid Window parameter)), request_code 4, minor_code 0 (X_DestroyWindow)

The window that opens has the following and nothing else:

Error 500: Internal Server Error
CGI program sent malformed or too big (>16384 bytes) HTTP headers: []

Can someone help resolve this?

System:
i7, 32GB Ram, plenty disk,
Fedora 36

Few tweaks in the Portfolio tab

There are a few tweaks that can be performed on various tabs:
i. It would be good to add a blank space between the currency symbol and the numeral value; as of now the default look is $10000, and it would be good if it looks like $ 10000. This can be extended to the graph part also.
ii. In the Portfolio page the first column is for short and it does not look good to show a random number in the beginning of a list, so it would be better to drop the first column from the present interface.
iii. The names of the Asset should be aligned left; as of now they are appearing to be aligned right.
iv. In the portfolio page at the bottom of the page, it shows only one single value of the Crypto asset in terms of the selected exchange; it would be nice if it lists all the values, in the following way.
Bitcoin is trading @ ₹ 770,809.74 on LocalBitcoins, @ ₹ 783,000.00 on Bitbns, @ ₹794,037.40 on BuyuCoin, @ ₹785,009.01 on ZebPay.
From the above type of information the different prices in all the exchanges can be viewed at once.
v. It would be nice if the above information type displays the prices for all the assets that are listed in the Asset Name, rather than the single Asset for Bitcoin.
Screenshot_2020-07-27 DFD Cryptocoin Values - Portfolio Tracker

ticker showing zoomed in and not visible.

Thanks for the software!

I found that it worked well for some time, I'm not sure what happened but now it is displaying only a portion of the text, which is all zoomed in.

It displays for a second where I can see most things:
image

Then I am zoomed way in and there is a scrollbar on the right side which I can use to scroll up and down, all the content is there.
image

I am seeing this behavior on the HDMI and using RealVNC. I have changed the config to add some coins and flip the orientation.

I am using firefox and using Raspbian.

Or I should say the output indicates it is using firefox, but as you can see from my screen shot above, it looks like google is being used.

./ticker-start
server does not have extension for -dpms option
unclutter: someone created a sub-window to my sub-window! giving up
 
Browser not specified, using default browser firefox...

Getting lost in the configuration file.

I feel the time has arrived to shorten the configuration file. As of now, the feeds links, the portfolio and chart's setting are being served from a single file. It would be nice if the Portfolio, charts and rss/feeds entry values are assigned to respective files rather than the main configuration file, and the path to those files can be included in the main configuration, because with each update it becomes difficult to figure out the exact locations of each configuration setting.

An issue with the update tab

As of now update tab is taking more width than the default screen resolution so it would be nice if the update table fits well with the screen resolution in order to prevent the horizontal scrolling.

A feature request for crypto-crypto price alert notification (instead of just fiat value)

There is no issue with the crypto to fiat currency notification as we get all the information in those two variables i.e., in crypto and fiat currency as shown below:
The BAT trade value in the BTC market at the Poloniex exchange has decreased -20.21% in INR value to ₹32.92 over the past 0.05 days since the last price alert. 24 hour pair volume has decreased -4.84% to a INR value of ₹28,762 (volume filter on).
The issue arises when we are trying to get a notification from crypto-crypto exchange information it would be nice if we can get the following type of notification:
The BAT trade value in the BTC market at the Poloniex exchange has decreased -20.21% in INR value to ₹32.92 or 0.00001381 BTC over the past 0.05 days since the last price alert. 24 hour pair volume has decreased by -4.84% to an INR value of ₹28,762 (volume filter on).
It would be nice if the price of the crypto-crypto also includes the value of crypto in trade value as well as in fiat value i.e.,₹32.92 or 0.00001381 BTC as shown in the above example.

CVE-2018-14042 (Medium) detected in bootstrap-3.3.4.min.js - autoclosed

CVE-2018-14042 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.4.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js

Path to vulnerable library: /app-lib/php/classes/3rd-party/google-api/vendor/phpunit/php-code-coverage/src/CodeCoverage/Report/HTML/Renderer/Template/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.3.4.min.js (Vulnerable Library)

Found in HEAD commit: 3e2ad735aa3953c32ce3836b20506bd976935c0c

Found in base branch: main

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#26630

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2.org.webjars:bootstrap:3.4.0


