CVE-2018-20676medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
References
https://github.com/twbs/bootstrap/pull/27047
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
https://github.com/twbs/bootstrap/issues/27044
https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
https://access.redhat.com/errata/RHSA-2019:1456
https://access.redhat.com/errata/RHBA-2019:1076
https://access.redhat.com/errata/RHBA-2019:1570
https://access.redhat.com/errata/RHSA-2019:3023
https://access.redhat.com/errata/RHSA-2020:0132
https://access.redhat.com/errata/RHSA-2020:0133
https://lists.apache.org/thread.html/[email protected]%3Ccommits.pulsar.apache.org%3E
Details
Source: MITRE
Published: 2019-01-09
Updated: 2021-07-22
Type: CWE-79
Risk Information
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 154495 | NewStart CGSL CORE 5.05 / MAIN 5.05 : ipa Multiple Vulnerabilities (NS-SA-2021-0171) | Nessus | NewStart CGSL Local Security Checks | medium |
| 152985 | Tenable SecurityCenter < 5.19.0 Multiple XSS Vulnerabilities (TNS-2021-14) | Nessus | Misc. | medium |
| 151985 | Tenable.sc < 5.19.0 Multiple Vulnerabilities (TNS-2021-14) (deprecated) | Nessus | Misc. | high |
| 147251 | NewStart CGSL CORE 5.04 / MAIN 5.04 : ipa Multiple Vulnerabilities (NS-SA-2021-0045) | Nessus | NewStart CGSL Local Security Checks | medium |
| 145873 | CentOS 8 : idm:DL1 and idm:client (CESA-2020:4670) | Nessus | CentOS Local Security Checks | medium |
| 144412 | RHEL 7 : python-XStatic-Bootstrap-SCSS (RHSA-2020:5571) | Nessus | Red Hat Local Security Checks | medium |
| 143080 | RHEL 7 : ipa (RHSA-2020:3936) | Nessus | Red Hat Local Security Checks | medium |
| 142435 | RHEL 8 : idm:DL1 and idm:client (RHSA-2020:4670) | Nessus | Red Hat Local Security Checks | medium |
| 141974 | Amazon Linux 2 : ipa-client (ALAS-2020-1519) | Nessus | Amazon Linux Local Security Checks | medium |
| 141734 | Scientific Linux Security Update : ipa on SL7.x x86_64 (20201001) | Nessus | Scientific Linux Local Security Checks | medium |
| 141586 | CentOS 7 : ipa (CESA-2020:3936) | Nessus | CentOS Local Security Checks | medium |
| 129861 | RHEL 7 : Virtualization Manager (RHSA-2019:3023) | Nessus | Red Hat Local Security Checks | medium |