Description
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | golang-github-prometheus-prometheus | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | golang-github-prometheus-prometheus | Not affected | ||
| Red Hat OpenShift Container Platform 3.9 | golang-github-prometheus-prometheus | Not affected | ||
| Red Hat OpenShift Container Platform 4.2 | openshift4/ose-prometheus | Fixed | RHSA-2019:3771 | 13.11.2019 |
Additional information
Status:
Moderate
Defect:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1735506
bootstrap3-typeahead.js: Cross-site scripting via highlighter() function
6.1 Medium
CVSS3
Related vulnerabilities
CVSS3: 6.1
nvd
more than 6 years ago
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.