AZL-44334 CVE-2018-14040 affecting package python-openstackdocstheme 3.0.0-9
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute...
CVE-2018-14040
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute...
CVE-2018-14042
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip...
CVE-2018-14041
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy...
CVE-2018-14040
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute...
CVE-2018-14042
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip...
CVE-2018-14041
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy...
CVE-2018-14042
CVE-2018-14042 refers to Bootstrap prior to 4.1.2 where the data-container property used by tooltips can trigger cross-site scripting (XSS). The vulnerability arises in the tooltip component’s handling of the data-container attribute, enabling injection of arbitrary HTML/JS when the affected Boot...
CVE-2018-14040
CVE-2018-14040 affects Bootstrap prior to 4.1.2, where an XSS vulnerability exists in the collapse data-parent attribute. The root cause is HTML/script-injection via the collapse component’s data-parent handling. The vulnerability impacts Bootstrap-based implementations using collapse and can lea...
CVE-2018-14042
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip...
CVE-2018-14041
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy...
CVE-2018-14040
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute...
CVE-2018-14041
CVE-2018-14041 affects Bootstrap: XSS in the data-target attribute of scrollspy for Bootstrap versions before 4.1.2. The root cause is unvalidated input in data-target, enabling HTML/JS injection. Remediation is to upgrade to Bootstrap 4.1.2 or later (as referenced by Bootstrap’s security note). ...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the collapse data-parent attribute...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the data-target property of scrollspy...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the data-container property of tooltip...
PT-2018-12296
Name of the Vulnerable Software and Affected Versions: Bootstrap versions 2.3.0 through 4.1.1. Description: The issue allows for XSS in the data-container property of tooltip. There is no information provided about the estimated number of potentially affected devices worldwide or details about...
PT-2018-12295
Name of the Vulnerable Software and Affected Versions: Bootstrap versions 2.3.0 through 3.4.0; Bootstrap versions 4.0.0 through 4.1.1. Description: The issue allows for XSS in the collapse data-parent attribute. Recommendations: For Bootstrap versions 2.3.0 through 3.4.0, update to version 3.4.0 or...
XSS vulnerabilities via data-parent, data-target, data-container in Bootstrap
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute (CVE-2018-14040), the data-target property of scrollspy (CVE-2018-14041), and the data-container property of tooltip (CVE-2018-14042)...
PBC denial of service vulnerability
PBC is a Google protocol buffer library written in C. A denial of service vulnerability exists in the 'pbcBregisterfields' function in the bootstrap.c file of the libpbc.a static link library in PBC 2017-03-02 and earlier versions. An attacker can exploit this vulnerability to cause a denial of...