
CVE-2018-14040

Published: 29 May 2018
Source: redhat
CVSS3: 6.1
EPSS: Low

Description

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Report

Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw. Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all. Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| CloudForms Management Engine 5 | cfme-gemset | Not affected | | |
| Red Hat 3scale API Management Platform 2 | bootstrap | Not affected | | |
| Red Hat Decision Manager 7 | bootstrap | Will not fix | | |
| Red Hat Enterprise Linux 7 | pki-core | Will not fix | | |
| Red Hat OpenStack Platform 10 (Newton) | python-XStatic-Bootstrap-SCSS | Will not fix | | |
| Red Hat OpenStack Platform 12 (Pike) | python-XStatic-Bootstrap-SCSS | Affected | | |
| Red Hat OpenStack Platform 13 (Queens) | python-XStatic-Bootstrap-SCSS | Will not fix | | |
| Red Hat OpenStack Platform 14 (Rocky) | python-XStatic-Bootstrap-SCSS | Affected | | |
| Red Hat OpenStack Platform 8 (Liberty) | python-XStatic-Bootstrap-SCSS | Will not fix | | |
| Red Hat OpenStack Platform 9 (Mitaka) | python-XStatic-Bootstrap-SCSS | Will not fix | | |


Additional information

Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1601614 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute

EPSS

Percentile: 73%
0.00811
Low

6.1 Medium

CVSS3

Related vulnerabilities

CVSS3: 6.1
ubuntu
about 7 years ago

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

CVSS3: 6.1
nvd
about 7 years ago

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

CVSS3: 6.1
debian
about 7 years ago

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent ...

CVSS3: 6.1
github
about 3 years ago

Bootstrap vulnerable to Cross-Site Scripting (XSS)

rocky
almost 5 years ago

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
