Fluid Attacks Database

Description

Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
nuget	bootstrap	>=4.0.0 <4.1.2 \|\| >=4.0.0 <4.1.2 \|\| >=2.3.0 <3.4.0 \|\| >=2.3.0 <3.4.0 \|\| >=2.3.0 <3.4.0 \|\| >=4.0.0 <4.1.2	4.1.2, 4.1.2, 3.4.0, 3.4.0, 3.4.0, 4.1.2
rubygems	bootstrap-sass	>=2.3.0 <3.4.0	3.4.0
maven	org.webjars:bootstrap	>=4.0.0 <4.1.2 \|\| >=2.3.0 <3.4.0	4.1.2, 3.4.0
debian 13	twitter-bootstrap3	>=0 <3.4.0+dfsg-1	3.4.0+dfsg-1
npm	bootstrap	>=0 <3.4.0 \|\| >=4.0.0 <4.1.2	3.4.0, 4.1.2
nuget	bootstrap.sass	>=4.0.0 <4.1.2	4.1.2
packagist	twbs/bootstrap	>=2.3.0 <3.4.0 \|\| >=4.0.0 <4.1.2	3.4.0, 4.1.2
rubygems	bootstrap	>=0 <3.4.0 \|\| >=4.0.0 <4.1.2	4.1.2
debian 12	twitter-bootstrap3	>=0 <3.4.0+dfsg-1	3.4.0+dfsg-1
nuget	bootstrap.less	=4.0.0 \|\| >=0 <3.4.0 \|\| >=4.0.0 <4.1.2	3.4.0

1-10 of 15

Aliases

1. CVE-2018-140402. NVD-2018-140403. OSV-2018-140404. OSV-DEBIAN-2018-140405. GCVE-2018-140406. lists.debian.org7. SECURITY-TRACKER-CVE-2018-14040

References