CVE-2018-14040

Опубликовано: 13 июл. 2018

Источник: debian

EPSS Низкий

Описание

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Пакет	Статус	Версия исправления	Релиз	Тип
twitter-bootstrap	removed			package
twitter-bootstrap	no-dsa		stretch	package
twitter-bootstrap	no-dsa		jessie	package
twitter-bootstrap3	fixed	3.4.0+dfsg-1		package
twitter-bootstrap3	fixed	3.3.7+dfsg-2+deb9u1	stretch	package

https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
https://github.com/twbs/bootstrap/issues/26423
https://github.com/twbs/bootstrap/issues/26625
https://github.com/twbs/bootstrap/pull/26630
https://github.com/twbs/bootstrap/pull/26630/commits/3ba186313e9e651bbd52a6a3a0305891dee0a621
https://snyk.io/vuln/npm:bootstrap:20180529
https://github.com/twbs/bootstrap/commit/149096016f70fd815540d62c0989fd99cdc809e0 (v4.1.2)
https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d (v3.4.0)

EPSS

Процентиль: 73%

0.00811

Низкий

CVE-2018-14040

CVSS3: 6.1

ubuntu

около 7 лет назад

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

CVE-2018-14040

CVSS3: 6.1

redhat

около 7 лет назад

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

CVE-2018-14040

CVSS3: 6.1

nvd

около 7 лет назад

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

GHSA-3wqf-4x89-9g79

CVSS3: 6.1

github

около 3 лет назад

Bootstrap vulnerable to Cross-Site Scripting (XSS)

RLSA-2020:4670

rocky

почти 5 лет назад

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

EPSS

Процентиль: 73%

0.00811

Низкий