CVE-2018-14042 | Tenable®

Links

Tenable Community & Support

Tenable University

Settings

Severity

Theme

CVE-2018-14042

medium

Description

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

References

https://github.com/twbs/bootstrap/pull/26630

https://github.com/twbs/bootstrap/issues/26628

https://github.com/twbs/bootstrap/issues/26423

https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/

https://seclists.org/bugtraq/2019/May/18

http://seclists.org/fulldisclosure/2019/May/13

http://seclists.org/fulldisclosure/2019/May/11

http://seclists.org/fulldisclosure/2019/May/10

https://lists.apache.org/thread.html/[email protected]%3Cdev.superset.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cissues.drill.apache.org%3E

http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html

https://lists.apache.org/thread.html/[email protected]%3Cissues.hbase.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccommits.pulsar.apache.org%3E

https://www.oracle.com/security-alerts/cpuApr2021.html

Details

Source: MITRE

Published: 2018-07-13

Updated: 2021-07-22

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM