CVE-2018-14041

🗓️ 13 Jul 2018 14:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 372 Views

XSS possible in data-target property of scrollspy in Bootstrap before 4.1.2

Reporter	Title	Published	Views	Family All 90
IBM Security Bulletins	Security Bulletin: User Behavior Analytics application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	20 Nov 202413:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross Site Scripting') in Bootstrap (CVE-2018-14041)	18 Jan 202421:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Private Monitoring is vulnerable to XSS attack in Prometheus (CVE-2018-14041)	29 Jun 201915:10	–	ibm
IBM Security Bulletins	Security Bulletin: API Connect V5 is impacted by vulnerabilities in Bootstrap (CVE-2018-14040 CVE-2018-14041 CVE-2018-14042)	23 Apr 201918:00	–	ibm
IBM Security Bulletins	Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in data-target Attribute Handling in Bootstrap, affects watsonx.data	7 Apr 202611:00	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities Have Been Identified In IBM Security Verify Privilege Vault previously known as IBM Security Secret Server	23 Sep 202005:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross Site Scripting') in Bootstrap (CVE-2018-14041)	26 Jan 202421:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	2 Dec 202121:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	25 Apr 202216:43	–	ibm
Tenable Nessus	Amazon Linux 2 : ipa (ALAS-2020-1519)	28 Oct 202000:00	–	nessus

NVD

Node

getbootstrap bootstrapRange4.0.0–4.1.2

OR

getbootstrap bootstrapMatch4.0.0alpha

OR

getbootstrap bootstrapMatch4.0.0alpha2

OR

getbootstrap bootstrapMatch4.0.0alpha3

OR

getbootstrap bootstrapMatch4.0.0alpha4

OR

getbootstrap bootstrapMatch4.0.0alpha5

OR

getbootstrap bootstrapMatch4.0.0alpha6

OR

getbootstrap bootstrapMatch4.0.0beta

OR

getbootstrap bootstrapMatch4.0.0beta2

OR

getbootstrap bootstrapMatch4.0.0beta3

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
lists	www.lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E
access	www.access.redhat.com/errata/RHSA-2019:1456
blog	www.blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
seclists	www.seclists.org/fulldisclosure/2019/May/13
github	www.github.com/twbs/bootstrap/issues/26627
packetstormsecurity	www.packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
github	www.github.com/twbs/bootstrap/pull/26630
seclists	www.seclists.org/bugtraq/2019/May/18
seclists	www.seclists.org/fulldisclosure/2019/May/10

21 Nov 2024 03:48Current

6Medium risk

Vulners AI Score6

CVSS 24.3

CVSS 36.1

EPSS0.07723

cve-2018-14041 bootstrap xss data-target property scrollspy