CVE-2018-14040.yml
---
gem: bootstrap
cve: 2018-14040
ghsa: 3wqf-4x89-9g79
url: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
title: XSS vulnerabilities via data-parent, data-target, data-container in bootstrap
date: 2018-07-03
description: |
  In Bootstrap before 4.1.2, XSS is possible in collapse data-parent
  attribute (CVE-2018-14040), data-target property of scrollspy
  (CVE-2018-14041), data-container property of tooltip (CVE-2018-14042)
cvss_v2: 4.3
cvss_v3: 6.1
patched_versions:
  - ">= 4.1.2"
related:
  cve:
    - 2018-14041
    - 2018-14042
  url:
    - https://nvd.nist.gov/vuln/detail/cve-2018-14040
    - https://github.com/twbs/bootstrap/issues/26423
    - https://github.com/twbs/bootstrap/pull/26630
    - https://github.com/advisories/GHSA-3wqf-4x89-9g79