Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Bootstrap Cross-site Scripting vulnerability

🗓️ 13 Sep 2018 15:50:32Reported by GitHub Advisory DatabaseType 
github
 github🔗 github.com👁 407 Views

Bootstrap XSS in tooltip data-container property prior to versions 3.4.0 and 4.1.2

Related
Detection
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: There are several vulnerabilities in Bootstrap used by IBM Maximo Asset Management
4 Apr 202316:40
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform
26 Mar 202503:41
ibm
IBM Security Bulletins		Security Bulletin: Multiple security vulnerabilities in bootstrap.js may affect IBM Business Automation Workflow
5 Jun 202320:05
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance
11 Jan 202416:41
ibm
IBM Security Bulletins		Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
13 Aug 202122:15
ibm
IBM Security Bulletins		Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
24 Apr 202314:58
ibm
IBM Security Bulletins		Security Bulletin: IBM Storage Ceph is vulnerable to Cross-site Scripting in Ceph (CVE-2018-20677, CVE-2018-20676, CVE-2019-8331, CVE-2018-14042, CVE-2018-14040, CVE-2016-10735)
5 Aug 202420:00
ibm
IBM Security Bulletins		Security Bulletin: API Connect V5 is impacted by vulnerabilities in Bootstrap (CVE-2018-14040 CVE-2018-14041 CVE-2018-14042)
23 Apr 201918:00
ibm
IBM Security Bulletins		Security Bulletin:Vulnerabiilties in swagger-ui and Bootstrap affect watsonx.data
27 Feb 202513:28
ibm
IBM Security Bulletins		Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in data-target Attribute Handling in Bootstrap, affects watsonx.data
7 Apr 202611:00
ibm
Rows per page
Vulners
Node
bootstrap.sassRange4.0.04.1.2nuget
OR
getbootstrapbootstrap-sassRange2.0.43.4.0npm
OR
getbootstrapbootstrap-sassRange2.3.03.4.0rubygems
OR
bootstrapbootstrapRange2.3.03.4.0nuget
OR
bootstrapbootstrapRange4.0.04.1.2nuget
OR
twbsbootstrapRange2.3.03.4.0composer
OR
twbsbootstrapRange4.0.04.1.2composer
OR
org.webjarsbootstrapRange2.3.03.4.0maven
OR
org.webjarsbootstrapRange4.0.04.1.2maven
OR
bootstrapbootstrapRange2.3.03.4.0npm
OR
bootstrapbootstrapRange4.0.04.1.2npm
OR
bootstrapbootstrapRange2.3.03.4.0rubygems
OR
bootstrapbootstrapRange4.0.04.1.2rubygems
SourceLink
nvdwww.nvd.nist.gov/vuln/detail/CVE-2018-14042
githubwww.github.com/twbs/bootstrap/issues/26423
githubwww.github.com/twbs/bootstrap/issues/26628
githubwww.github.com/twbs/bootstrap/pull/26630
listswww.lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
listswww.lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
listswww.lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
listswww.lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
listswww.lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E
listswww.lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Jun 2026 23:16Current
6.4Medium risk
Vulners AI Score6.4
CVSS 24.3
CVSS 36.1
EPSS0.03991
CWE-79
bootstrapcross-site scriptingxsstooltipdata-containervulnerabilitycve-2018-14041
407