CVE-2018-14042

Опубликовано: 13 июл. 2018

Источник: debian

EPSS Низкий

Описание

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Пакет	Статус	Версия исправления	Релиз	Тип
twitter-bootstrap	removed			package
twitter-bootstrap	no-dsa		stretch	package
twitter-bootstrap	no-dsa		jessie	package
twitter-bootstrap3	fixed	3.4.0+dfsg-1		package
twitter-bootstrap3	fixed	3.3.7+dfsg-2+deb9u1	stretch	package
twitter-bootstrap3	not-affected		jessie	package

https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
https://github.com/twbs/bootstrap/issues/26423
https://github.com/twbs/bootstrap/issues/26628
https://github.com/twbs/bootstrap/pull/26630
https://github.com/twbs/bootstrap/pull/26630/commits/efca80bb5bb34546a2e7a9488b89f71457d2ad92
https://snyk.io/vuln/npm:bootstrap:20180529
https://github.com/twbs/bootstrap/commit/2d90d369bbc2bd2647620246c55cec8c4705e3d0 (v4.1.2)
https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d (v3.4.0)

EPSS

Процентиль: 81%

0.017

Низкий

CVE-2018-14042

CVSS3: 6.1

ubuntu

почти 7 лет назад

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

CVE-2018-14042

CVSS3: 6.1

redhat

около 7 лет назад

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

CVE-2018-14042

CVSS3: 6.1

nvd

почти 7 лет назад

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

GHSA-7mvr-5x2g-wfc8

CVSS3: 6.1

github

почти 7 лет назад

Bootstrap Cross-site Scripting vulnerability

RLSA-2020:4670

rocky

больше 4 лет назад

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

EPSS

Процентиль: 81%

0.017

Низкий