Lucene search

K

Veracode Vulnerability DatabaseVERACODE:6514

HistoryJun 04, 2018 - 9:28 a.m.

Cross-Site Scripting (XSS)

2018-06-0409:28:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

108

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

bootstrap is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the target option in scrollspy.js, allowing a malicious user to inject and execute arbitrary Javascript.

CPENameOperatorVersion
bootstraple3.3.7
bootstraple4.1.1
bootstraple3.3.7
bootstraple4.1.1
bootstraple3.3.7
bootstraple4.1.1
bootstraple4.1.1
bootstraple3.3.7-1
bootstraple3.3.7
bootstraple4.1.1

Rows per page:

1-10 of 671

References

packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html

packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html

seclists.org/fulldisclosure/2019/May/10

seclists.org/fulldisclosure/2019/May/11

seclists.org/fulldisclosure/2019/May/13

access.redhat.com/errata/RHSA-2019:1456

blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/

github.com/twbs/bootstrap/commit/635d861027ad63b0832af3f68252f48c9378e2da

github.com/twbs/bootstrap/commit/cc61edfa8af7b5ec9d4888c59bf94377e499b78b

github.com/twbs/bootstrap/issues/26423

github.com/twbs/bootstrap/issues/26627

github.com/twbs/bootstrap/issues/27915

github.com/twbs/bootstrap/pull/26630

github.com/twbs/bootstrap/pull/27047

lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E

lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E

seclists.org/bugtraq/2019/May/18

www.oracle.com/security-alerts/cpuApr2021.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Related for VERACODE:6514

ibm8 prion2 cve2 osv5 redhatcve1 nessus14 ubuntucve2 f52 gitlab2 typo31 debiancve2 openvas1 rubygems2 github3 hackerone1 jvn1 redhat7 amazon1 oracle1