21 matches found
EUVD-2019-0174
Malware in sbrugna...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross Site Scripting') in Bootstrap (CVE-2018-14041)
Summary Bootstrap is used by IBM Storage Ceph as a CSS framework. CVE-2018-14041 This bulletin identifies the steps to take to address the vulnerability in Bootstrap. Vulnerability Details CVEID: CVE-2018-14041 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper...
RHEL 9 : Red Hat Ceph Storage 6.1 (RHSA-2023:5693)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5693 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...
F5 Networks BIG-IP : Bootstrap vulnerability (K000133673)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.3 / 14.1.2.4 / 15.1.0 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K000133673 advisory. - In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the...
F5 Networks BIG-IP : Bootstrap vulnerability (K05380109)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K05380109 advisory. In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.CVE-2018-14041ImpactAn attacker...
K05380109: Bootstrap vulnerability CVE-2018-14041
Security Advisory Description In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. CVE-2018-14041 Impact An attacker may exploit this vulnerability to perform a cross-site scripting XSS attack. Security Advisory Status F5 Product Development has assigned ID 767373...
Amazon Linux 2 : ipa (ALAS-2020-1519)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1519 advisory. jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...
Security Bulletin: IBM Cloud Private Monitoring is vulnerable to XSS attack in Prometheus (CVE-2018-14041)
Summary IBM Cloud Private Monitoring is vulnerable to XSS attack in Prometheus Vulnerability Details CVEID: CVE-2018-14041 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. A remote attacker...
Security Bulletin: API Connect V5 is impacted by vulnerabilities in Bootstrap (CVE-2018-14040 CVE-2018-14041 CVE-2018-14042)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-14042 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the the data-container property of tooltip. A remote attacker could...
JVN#06527859: KinagaCMS vulnerable to cross-site scripting
KinagaCMS is an opensource Contents Management System CMS. KinagaCMS uses the old version of Bootstrap thus inherits multiple cross-site scripting vulnerabilities CWE-79: CVE-2018-14040, CVE-2018-14041, CVE-2019-8331 existed in Bootstrap. Impact The information on the system may be obtained or...
CVE-2018-14041
creationtimestamp| type| source ---|---|--- 2019-01-09 08:48:33+00:00| seen| https://t.me/cibsecurity/1927 2024-09-12 10:16:41+00:00| seen| Telegram/KQJ2fokDRUpEEMEdtilLJpNYW94QEwCQWFCqP7BH6XiY 2024-11-22 19:21:06+00:00| seen| Telegram/7xy8m8D7fgOGwoIR6HjmmP2At3jdJJYpZoVCZOBhctBhpw 2024-11-22...
CVE-2016-10735
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
CVE-2016-10735
CVE-2016-10735 affects Bootstrap 3.x prior to 3.4.0 and 4.x-beta prior to 4.0.0-beta.2, enabling cross-site scripting via the data-target attribute. This is a distinct issue from CVE-2018-14041. The vulnerability arises from improper handling of data-target, allowing injected scripts/HTML through...
Bootstrap Cross-site Scripting vulnerability
In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041...
com.slyak:slyak-web-bootstrap (>=1.0.3.RELEASE <=1.0.4.RELEASE), de.smartsquare.squit:de.smartsquare.squit.gradle.plugin (>=2.0.0 <=2.2.0) +23 more potentially affected by CVE-2018-14041 via org.webjars:bootstrap (>=4.0.0 <=4.1.1)
org.webjars:bootstrap MAVEN version =4.0.0, =1.0.3.RELEASE, =2.0.0, =2.1.0, =2.0.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.3 - org.orienteer:orienteer-architect =1.4 - org.orienteer:orienteer-birt =1.4 - org.orienteer:orienteer-bpm =1.4 - org.orienteer:orienteer-camel =1.4 -...
Bootstrap Cross-site Scripting vulnerability
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041...
Bootstrap Cross-site Scripting vulnerability
In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041...
CVE-2018-14041
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy...
CVE-2018-14041
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy...
CVE-2018-14041
CVE-2018-14041 affects Bootstrap: XSS in the data-target attribute of scrollspy for Bootstrap versions before 4.1.2. The root cause is unvalidated input in data-target, enabling HTML/JS injection. Remediation is to upgrade to Bootstrap 4.1.2 or later (as referenced by Bootstrap’s security note). ...