CVE-2018-14040 (bootstrap): XSS vulnerabilities via data-parent, data-target, data-container in bootstrap

ADVISORIES

CVE-2018-14040 (NVD)
GHSA-3wqf-4x89-9g79
Vendor Advisory

GEM

bootstrap

SEVERITY

CVSS v3.x: 6.1 (Medium)

CVSS v2.0: 4.3 (Medium)

PATCHED VERSIONS

>= 4.1.2

DESCRIPTION

In Bootstrap before 4.1.2, XSS is possible in collapse data-parent attribute (CVE-2018-14040), data-target property of scrollspy (CVE-2018-14041), data-container property of tooltip (CVE-2018-14042)

CVE-2018-14041 (NVD)
CVE-2018-14042 (NVD)
https://nvd.nist.gov/vuln/detail/cve-2018-14040
https://github.com/twbs/bootstrap/issues/26423
https://github.com/twbs/bootstrap/pull/26630
https://github.com/advisories/GHSA-3wqf-4x89-9g79

RubySec

CVE-2018-14040 (bootstrap): XSS vulnerabilities via data-parent, data-target, data-container in bootstrap

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories