Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-20676

Опубликовано: 10 авг. 2018
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials.

Отчет

Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all. Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5bootstrap-sassNot affected
OpenShift Service Mesh 2.1servicemesh-prometheusNot affected
Red Hat 3scale API Management Platform 2bootstrapNot affected
Red Hat Ceph Storage 4cephAffected
Red Hat Ceph Storage 5cephAffected
Red Hat Discoverydiscovery-server-containerNot affected
Red Hat Enterprise Linux 7pki-coreNot affected
Red Hat Enterprise Linux 8389-ds:1.4/389-ds-baseUnder investigation
Red Hat Enterprise Linux 8cockpitUnder investigation
Red Hat Enterprise Linux 8cockpit-appstreamUnder investigation

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1668082bootstrap: XSS in the tooltip data-viewport attribute

EPSS

Процентиль: 90%
0.05526
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-20676

CVSS3: 6.1
ubuntu
больше 6 лет назад

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

nvd логотип

CVE-2018-20676

CVSS3: 6.1
nvd
больше 6 лет назад

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

debian логотип

CVE-2018-20676

CVSS3: 6.1
debian
больше 6 лет назад

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewpor ...

github логотип

GHSA-3mgp-fx93-9xv5

CVSS3: 6.1
github
больше 6 лет назад

XSS vulnerability that affects bootstrap

fstec логотип

BDU:2020-02565

CVSS3: 6.1
fstec
больше 6 лет назад

Уязвимость компонента tooltip набора инструментов для создания сайтов и веб-приложений Bootstrap, позволяющая нарушителю осуществлять межсайтовые сценарные атаки

EPSS

Процентиль: 90%
0.05526
Низкий

6.1 Medium

CVSS3

Уязвимость CVE-2018-20676