Reflected cross-site scripting (XSS) In bootstrap-sass
Description
Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 npm | 3.4.0, 3.4.0 | ||
 nuget | 4.1.2, 3.4.0, 4.1.2, 3.4.0, 4.1.2, 3.4.0 | ||
nuget | 4.1.2 | ||
 packagist | 4.1.2, 3.4.0 | ||
 rubygems | 3.4.0 | ||
nuget | - | ||
 debian 13 | 3.4.0+dfsg-1 | ||
 maven | 4.1.2, 3.4.0 | ||
debian 11 | 3.4.0+dfsg-1 | ||
debian 12 | 3.4.0+dfsg-1 |
1-10 of 16
10
Aliases
1. 2. 3. 4. 5. 6. 7. 8. 9.
References
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24.