CVE-2018-14041
published 2018-07-13CVE-2018-14041: In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
PriorityP428medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EPSS
4.29%
89.9th percentile
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bootstrap-sass | bootstrap-sass | >= 2.0.4 < 3.4.0 | 3.4.0 |
| bootstrap-sass | bootstrap-sass | >= 2.0.4 < 3.4.0 | 3.4.0 |
| bootstrap-sass | bootstrap-sass | >= 2.3.0 < 3.4.0 | 3.4.0 |
| debian | twitter-bootstrap3 | < twitter-bootstrap3 3.4.0+dfsg-1 (bookworm) | twitter-bootstrap3 3.4.0+dfsg-1 (bookworm) |
| debian | twitter-bootstrap3 | — | — |
| debian | twitter-bootstrap4 | < twitter-bootstrap3 3.4.0+dfsg-1 (bookworm) | twitter-bootstrap3 3.4.0+dfsg-1 (bookworm) |
| getbootstrap | bootstrap | — | — |
| getbootstrap | bootstrap | >= 0 < 4.0.0-beta.2 | 4.0.0-beta.2 |
| getbootstrap | bootstrap | >= 2.0.4 < 3.4.0 | 3.4.0 |
| getbootstrap | bootstrap | >= 2.0.4 < 3.4.0 | 3.4.0 |
| getbootstrap | bootstrap | >= 2.3.0 < 3.4.0 | 3.4.0 |
| getbootstrap | bootstrap | >= 2.3.0 < 3.4.0 | 3.4.0 |
| getbootstrap | bootstrap | >= 2.3.0 < 3.4.0 | 3.4.0 |
| getbootstrap | bootstrap | >= 3.0.0 < 3.4.0 | 3.4.0 |
| getbootstrap | bootstrap | >= 4.0.0 < 4.1.2 | 4.1.2 |
| getbootstrap | bootstrap | >= 4.0.0 < 4.1.2 | 4.1.2 |
| getbootstrap | bootstrap | >= 4.0.0 < 4.1.2 | 4.1.2 |
| getbootstrap | bootstrap | >= 4.0.0 < 4.1.2 | 4.1.2 |
| getbootstrap | bootstrap | >= 4.0.0-beta < 4.0.0-beta.2 | 4.0.0-beta.2 |
| getbootstrap | bootstrap | >= 4.0.0-beta < 4.0.0-beta.2 | 4.0.0-beta.2 |
| twbs | bootstrap | >= 2.0.4 < 3.4.0 | 3.4.0 |
| twbs | bootstrap | >= 2.3.0 < 3.4.0 | 3.4.0 |
| twbs | bootstrap | >= 4.0.0 < 4.1.2 | 4.1.2 |
| twbs | bootstrap | >= 4.0.0-beta < 4.0.0-beta.2 | 4.0.0-beta.2 |
| typo3 | cms | >= 8.0.0 < 8.7.23 | 8.7.23 |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
ghsa6.1MEDIUM
osv6.1MEDIUM
vendor_debian6.1LOW
vendor_redhat6.1MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Bootstrap Cross-site Scripting vulnerability
ghsa·2019-01-17·CVSS 6.1
CVE-2016-10735 [MEDIUM] CWE-79 Bootstrap Cross-site Scripting vulnerability
Bootstrap Cross-site Scripting vulnerability
In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041.
See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.
OSV
Bootstrap Cross-site Scripting vulnerability
osv·2019-01-17·CVSS 6.1
CVE-2016-10735 [MEDIUM] Bootstrap Cross-site Scripting vulnerability
Bootstrap Cross-site Scripting vulnerability
In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041.
See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.
OSV
CVE-2016-10735: In Bootstrap 3
osv·2019-01-09·CVSS 6.1
CVE-2016-10735 [MEDIUM] CVE-2016-10735: In Bootstrap 3
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
GHSA
Bootstrap Cross-site Scripting vulnerability
ghsa·2018-09-13·CVSS 6.1
CVE-2018-14042 [MEDIUM] CWE-79 Bootstrap Cross-site Scripting vulnerability
Bootstrap Cross-site Scripting vulnerability
In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.
GHSA
Bootstrap Cross-site Scripting vulnerability
ghsa·2018-09-13·CVSS 6.1
CVE-2018-14041 [MEDIUM] CWE-79 Bootstrap Cross-site Scripting vulnerability
Bootstrap Cross-site Scripting vulnerability
In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.
OSV
Bootstrap Cross-site Scripting vulnerability
osv·2018-09-13·CVSS 6.1
CVE-2018-14042 [MEDIUM] Bootstrap Cross-site Scripting vulnerability
Bootstrap Cross-site Scripting vulnerability
In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.
OSV
Bootstrap Cross-site Scripting vulnerability
osv·2018-09-13·CVSS 6.1
CVE-2018-14041 [MEDIUM] Bootstrap Cross-site Scripting vulnerability
Bootstrap Cross-site Scripting vulnerability
In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.
Red Hat
bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
vendor_redhat·2018-05-29·CVSS 6.1
CVE-2018-14041 [MEDIUM] CWE-79 bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials.
Package: cfme-gemset (CloudForms Management Engine 5) - Not affected
Package: servicemesh-prometheus (OpenShift Service Mesh 2.1) - Not affected
Package: ceph (Red Hat Ceph Storage 4) - Out of support scope
Package: ceph (Red Hat Ceph Storag
Debian
CVE-2018-14041: twitter-bootstrap3 - In Bootstrap before 4.1.2, XSS is possible in the data-target property of scroll...
vendor_debian·2018·CVSS 6.1
CVE-2018-14041 [MEDIUM] CVE-2018-14041: twitter-bootstrap3 - In Bootstrap before 4.1.2, XSS is possible in the data-target property of scroll...
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Red Hat
bootstrap: XSS in the data-target attribute
vendor_redhat·2016-06-27·CVSS 6.1
CVE-2016-10735 [MEDIUM] CWE-79 bootstrap: XSS in the data-target attribute
bootstrap: XSS in the data-target attribute
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Statement: Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.
Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.
Package: pki-core (Red Hat Enterprise Linux 7) - Will not fix
Packa
Debian
CVE-2016-10735: twitter-bootstrap3 - In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible ...
vendor_debian·2016·CVSS 6.1
CVE-2016-10735 [MEDIUM] CVE-2016-10735: twitter-bootstrap3 - In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible ...
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Scope: local
bookworm: resolved (fixed in 3.4.0+dfsg-1)
bullseye: resolved (fixed in 3.4.0+dfsg-1)
forky: resolved (fixed in 3.4.0+dfsg-1)
sid: resolved (fixed in 3.4.0+dfsg-1)
trixie: resolved (fixed in 3.4.0+dfsg-1)
No detection rules found.
No public exploits indexed.
HackerOne
Vulnerable javascript dependency at Main domain
hackerone·2021-08-02·CVSS 6.1
CVE-2019-8331 [MEDIUM] Vulnerable javascript dependency at Main domain
Vulnerable javascript dependency at Main domain
Hello,
Issue detail,
Burp observed 1 outdated JavaScript libraries with 4 known vulnerabilities.
Burp detected bootstrap version 4.0.0, which has the following vulnerabilities:
CVE-2019-8331: XSS in data-template, data-content and data-title properties of tooltip/popover
CVE-2018-14041: XSS in data-target property of scrollspy
CVE-2018-14040: XSS in collapse data-parent attribute
CVE-2018-14042: XSS in data-container property of tooltip
Host: https://sifchain.finance
Path: /wp-content/themes/icos/assets/js/vendor/bootstrap.min.js
{F1293110}
## Impact
Potential XSS
Bugzilla
CVE-2016-10735 bootstrap: XSS in the data-target attribute
bugzilla·2019-01-21·CVSS 6.1
CVE-2016-10735 [MEDIUM] CVE-2016-10735 bootstrap: XSS in the data-target attribute
CVE-2016-10735 bootstrap: XSS in the data-target attribute
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
References:
https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
https://github.com/twbs/bootstrap/issues/20184
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
Upstream Patch:
https://github.com/twbs/bootstrap/pull/23679
https://github.com/twbs/bootstrap/pull/23687
https://github.com/twbs/bootstrap/pull/26460
Discussion:
RHOSP ships two versions of bootstrap, both of which are affected. Marking as such and filing trackers.
OpenStack -> Bootstrap
8,9,10 -> 3.2.0.0-1
13,14 -> 3.3.7.1-2
---
Created python-XStatic-Bootstrap-SCSS tracking bugs for
Bugzilla
CVE-2018-14041 bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
bugzilla·2018-07-16·CVSS 6.1
CVE-2018-14041 [MEDIUM] CVE-2018-14041 bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
CVE-2018-14041 bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
A flaw was found in Bootstrap from version 4.0 and before 4.1.2. A Cross-site Scripting (XSS) is possible in the data-target property of scrollspy.
References:
https://github.com/twbs/bootstrap/issues/26627
Upstream Patch:
https://github.com/twbs/bootstrap/pull/26630
Discussion:
bootstrap 3.3.7 is not affected by this flaw.
---
This issue has been addressed in the following products:
Red Hat Single Sign-On 7.3.2 zip
Via RHSA-2019:1456 https://access.redhat.com/errata/RHSA-2019:1456
---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
Via RHSA-2023:0553 https://access.redhat.com/errata/RHSA-2023:0553
---
This issue
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlhttp://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.htmlhttp://seclists.org/fulldisclosure/2019/May/10http://seclists.org/fulldisclosure/2019/May/11http://seclists.org/fulldisclosure/2019/May/13https://access.redhat.com/errata/RHSA-2019:1456https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/https://github.com/twbs/bootstrap/issues/26423https://github.com/twbs/bootstrap/issues/26627https://github.com/twbs/bootstrap/pull/26630https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3Ehttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Ehttps://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3Ehttps://seclists.org/bugtraq/2019/May/18https://www.oracle.com/security-alerts/cpuApr2021.htmlhttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlhttp://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.htmlhttp://seclists.org/fulldisclosure/2019/May/10http://seclists.org/fulldisclosure/2019/May/11http://seclists.org/fulldisclosure/2019/May/13https://access.redhat.com/errata/RHSA-2019:1456https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/https://github.com/twbs/bootstrap/issues/26423https://github.com/twbs/bootstrap/issues/26627https://github.com/twbs/bootstrap/pull/26630https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3Ehttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Ehttps://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3Ehttps://seclists.org/bugtraq/2019/May/18https://www.oracle.com/security-alerts/cpuApr2021.html
2018-07-13
Published