CVE-2018-14041

Published: Jul 13, 2018Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.

Affected (10)

Products: Getbootstrap: Bootstrap

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Getbootstrap Bootstrap	From 4.0.0 to 4.1.2
Getbootstrap Bootstrap	Version 4.0.0 alpha2
Getbootstrap Bootstrap	Version 4.0.0 alpha3
Getbootstrap Bootstrap	Version 4.0.0 alpha4
Getbootstrap Bootstrap	Version 4.0.0 alpha5
Getbootstrap Bootstrap	Version 4.0.0 alpha6
Getbootstrap Bootstrap	Version 4.0.0 alpha
Getbootstrap Bootstrap	Version 4.0.0 beta2
Getbootstrap Bootstrap	Version 4.0.0 beta3
Getbootstrap Bootstrap	Version 4.0.0 beta

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (34)

http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html

Source: cve@mitre.org

http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2019/May/10

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2019/May/11

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2019/May/13

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2019:1456

Source: cve@mitre.org

https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/

Source: cve@mitre.org

Vendor Advisory

https://github.com/twbs/bootstrap/issues/26423

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/twbs/bootstrap/issues/26627

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/twbs/bootstrap/pull/26630

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E

Source: cve@mitre.org

https://seclists.org/bugtraq/2019/May/18

Source: cve@mitre.org

https://www.oracle.com/security-alerts/cpuApr2021.html

Source: cve@mitre.org

http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2019/May/10

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2019/May/11

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2019/May/13

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2019:1456

Source: af854a3a-2127-422b-91ae-364da2661108

https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/twbs/bootstrap/issues/26423

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/twbs/bootstrap/issues/26627

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://github.com/twbs/bootstrap/pull/26630

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/bugtraq/2019/May/18

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.oracle.com/security-alerts/cpuApr2021.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.