wid-sec-w-2023-0851
Vulnerability from csaf_certbund
Published
2023-04-04 22:00
Modified
2023-04-04 22:00
Summary
IBM Maximo Asset Management: Multiple vulnerabilities allow cross-site scripting
Notes
The BSI, as a provider, is responsible under general law for its own content made available for use. However, users are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description
Maximo Asset Management is an enterprise asset management system that provides comprehensive support for assets, maintenance, resources and supply chain management requirements.
Attack
A remote, anonymous attacker can exploit multiple vulnerabilities in IBM Maximo Asset Management to carry out a cross-site scripting attack.
Affected operating systems
- Appliance
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Maximo Asset Management ist ein Enterprise-Asset-Management-System, das umfassenden Support für Assets, Maintenance, Ressourcen und Supply-Chain-Management-Anforderungen bietet.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Maximo Asset Management ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Appliance", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0851 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0851.json", }, { category: "self", summary: "WID-SEC-2023-0851 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0851", }, { category: "external", summary: "IBM Security Bulletin: 6980757 vom 2023-04-04", url: "https://www.ibm.com/support/pages/node/6980757", }, ], source_lang: "en-US", title: "IBM Maximo Asset Management: Mehrere Schwachstellen ermöglichen Cross-Site Scripting", tracking: { current_release_date: "2023-04-04T22:00:00.000+00:00", generator: { date: "2024-08-15T17:48:05.876+00:00", engine: { name: 
"BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-0851", initial_release_date: "2023-04-04T22:00:00.000+00:00", revision_history: [ { date: "2023-04-04T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "IBM Maximo Asset Management < 7.6.1.2", product: { name: "IBM Maximo Asset Management < 7.6.1.2", product_id: "T027067", product_identification_helper: { cpe: "cpe:/a:ibm:maximo_asset_management:7.6.1.2", }, }, }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2019-8331", notes: [ { category: "description", text: "In IBM Maximo Asset Management existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2023-04-04T22:00:00.000+00:00", title: "CVE-2019-8331", }, { cve: "CVE-2018-20677", notes: [ { category: "description", text: "In IBM Maximo Asset Management existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2023-04-04T22:00:00.000+00:00", title: "CVE-2018-20677", }, { cve: "CVE-2018-20676", notes: [ { category: "description", text: "In IBM Maximo Asset Management existieren mehrere Cross-Site Scripting Schwachstellen. 
HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2023-04-04T22:00:00.000+00:00", title: "CVE-2018-20676", }, { cve: "CVE-2018-14042", notes: [ { category: "description", text: "In IBM Maximo Asset Management existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2023-04-04T22:00:00.000+00:00", title: "CVE-2018-14042", }, { cve: "CVE-2018-14040", notes: [ { category: "description", text: "In IBM Maximo Asset Management existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2023-04-04T22:00:00.000+00:00", title: "CVE-2018-14040", }, { cve: "CVE-2016-10735", notes: [ { category: "description", text: "In IBM Maximo Asset Management existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. 
Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], release_date: "2023-04-04T22:00:00.000+00:00", title: "CVE-2016-10735", }, ], }
CVE-2019-8331 (GCVE-0-2019-8331)
Vulnerability from cvelistv5
Published
2019-02-20 16:00
Modified
2024-08-04 21:17
Summary
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVE-2018-14040 (GCVE-0-2018-14040)
Vulnerability from cvelistv5
Published
2018-07-13 14:00
Modified
2024-08-05 09:21
Summary
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:21:41.257Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20180827 [SECURITY] [DLA 1479-1] twitter-bootstrap3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html", }, { name: "20190509 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/May/18", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { name: "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/twbs/bootstrap/pull/26630", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/twbs/bootstrap/issues/26423", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/twbs/bootstrap/issues/26625", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", }, { tags: [ 
"x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-07-13T00:00:00", descriptions: [ { lang: "en", value: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-22T17:06:53", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[debian-lts-announce] 20180827 [SECURITY] [DLA 1479-1] twitter-bootstrap3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html", }, { name: "20190509 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/May/18", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { name: "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/twbs/bootstrap/pull/26630", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/twbs/bootstrap/issues/26423", }, { tags: [ "x_refsource_MISC", ], url: 
"https://github.com/twbs/bootstrap/issues/26625", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2021-14", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14040", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[debian-lts-announce] 20180827 [SECURITY] [DLA 1479-1] twitter-bootstrap3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html", }, { name: "20190509 dotCMS v5.1.1 Vulnerabilities", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/May/18", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: 
"MLIST", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { name: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { name: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { name: "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://github.com/twbs/bootstrap/pull/26630", refsource: "MISC", url: "https://github.com/twbs/bootstrap/pull/26630", }, { name: 
"https://github.com/twbs/bootstrap/issues/26423", refsource: "MISC", url: "https://github.com/twbs/bootstrap/issues/26423", }, { name: "https://github.com/twbs/bootstrap/issues/26625", refsource: "MISC", url: "https://github.com/twbs/bootstrap/issues/26625", }, { name: "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", refsource: "MISC", url: "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", }, { name: "https://www.tenable.com/security/tns-2021-14", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2021-14", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14040", datePublished: "2018-07-13T14:00:00", dateReserved: "2018-07-13T00:00:00", dateUpdated: "2024-08-05T09:21:41.257Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-10735 (GCVE-0-2016-10735)
Vulnerability from cvelistv5
Published
2019-01-09 05:00
Modified
2024-08-06 03:30
Summary
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
References
| URL | Tags |
|---|---|
| https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906 | x_refsource_MISC |
| https://github.com/twbs/bootstrap/pull/26460 | x_refsource_MISC |
| https://github.com/twbs/bootstrap/issues/20184 | x_refsource_MISC |
| https://github.com/twbs/bootstrap/pull/23687 | x_refsource_MISC |
| https://github.com/twbs/bootstrap/pull/23679 | x_refsource_MISC |
| https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2019:1456 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHBA-2019:1076 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHBA-2019:1570 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:3023 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2020:0132 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2020:0133 | vendor-advisory, x_refsource_REDHAT |
| https://www.tenable.com/security/tns-2021-14 | x_refsource_CONFIRM |
CVE-2018-20676 (GCVE-0-2018-20676)
Vulnerability from cvelistv5
Published
2019-01-09 05:00
Modified
2024-08-05 12:05
Summary
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:05:17.824Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/twbs/bootstrap/issues/27044", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/twbs/bootstrap/pull/27047", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", }, { name: "RHSA-2019:1456", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1456", }, { name: "RHBA-2019:1076", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:1076", }, { name: "RHBA-2019:1570", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:1570", }, { name: "RHSA-2019:3023", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3023", }, { name: "RHSA-2020:0132", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0132", }, { name: "RHSA-2020:0133", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0133", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", 
}, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-01-08T00:00:00", descriptions: [ { lang: "en", value: "In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-22T17:07:42", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/twbs/bootstrap/issues/27044", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/twbs/bootstrap/pull/27047", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", }, { name: "RHSA-2019:1456", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1456", }, { name: "RHBA-2019:1076", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2019:1076", }, { name: "RHBA-2019:1570", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2019:1570", }, { name: "RHSA-2019:3023", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3023", }, { name: "RHSA-2020:0132", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0132", }, { name: "RHSA-2020:0133", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0133", }, { 
name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2021-14", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20676", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/twbs/bootstrap/issues/27044", refsource: "MISC", url: "https://github.com/twbs/bootstrap/issues/27044", }, { name: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", refsource: "MISC", url: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", }, { name: "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", refsource: "MISC", url: "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", }, { name: "https://github.com/twbs/bootstrap/pull/27047", refsource: "MISC", url: "https://github.com/twbs/bootstrap/pull/27047", }, { name: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", refsource: "MISC", url: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", }, { name: "RHSA-2019:1456", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1456", }, { name: "RHBA-2019:1076", refsource: "REDHAT", url: 
"https://access.redhat.com/errata/RHBA-2019:1076", }, { name: "RHBA-2019:1570", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2019:1570", }, { name: "RHSA-2019:3023", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3023", }, { name: "RHSA-2020:0132", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0132", }, { name: "RHSA-2020:0133", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0133", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E", }, { name: "https://www.tenable.com/security/tns-2021-14", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2021-14", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20676", datePublished: "2019-01-09T05:00:00", dateReserved: "2019-01-08T00:00:00", dateUpdated: "2024-08-05T12:05:17.824Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-20677 (GCVE-0-2018-20677)
Vulnerability from cvelistv5
Published
2019-01-09 05:00
Modified
2024-08-05 12:05
Summary
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:05:17.696Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/twbs/bootstrap/issues/27045", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/twbs/bootstrap/pull/27047", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", }, { name: "RHSA-2019:1456", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1456", }, { name: "RHBA-2019:1076", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:1076", }, { name: "RHBA-2019:1570", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:1570", }, { name: "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E", }, { name: "RHSA-2019:3023", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3023", }, { name: "RHSA-2020:0132", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0132", }, { name: "RHSA-2020:0133", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0133", }, { name: 
"[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-01-08T00:00:00", descriptions: [ { lang: "en", value: "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-22T17:07:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/twbs/bootstrap/issues/27045", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/twbs/bootstrap/pull/27047", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", }, { name: "RHSA-2019:1456", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1456", }, { name: "RHBA-2019:1076", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2019:1076", }, { name: "RHBA-2019:1570", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2019:1570", }, { name: "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", tags: [ 
"mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E", }, { name: "RHSA-2019:3023", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3023", }, { name: "RHSA-2020:0132", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0132", }, { name: "RHSA-2020:0133", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0133", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2021-14", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20677", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", refsource: "MISC", url: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", }, { name: "https://github.com/twbs/bootstrap/issues/27045", refsource: "MISC", url: "https://github.com/twbs/bootstrap/issues/27045", }, { name: 
"https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", refsource: "MISC", url: "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", }, { name: "https://github.com/twbs/bootstrap/pull/27047", refsource: "MISC", url: "https://github.com/twbs/bootstrap/pull/27047", }, { name: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", refsource: "MISC", url: "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", }, { name: "RHSA-2019:1456", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1456", }, { name: "RHBA-2019:1076", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2019:1076", }, { name: "RHBA-2019:1570", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2019:1570", }, { name: "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E", }, { name: "RHSA-2019:3023", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3023", }, { name: "RHSA-2020:0132", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0132", }, { name: "RHSA-2020:0133", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0133", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E", }, { name: "https://www.tenable.com/security/tns-2021-14", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2021-14", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20677", datePublished: "2019-01-09T05:00:00", dateReserved: "2019-01-08T00:00:00", dateUpdated: 
"2024-08-05T12:05:17.696Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-14042 (GCVE-0-2018-14042)
Vulnerability from cvelistv5
Published
2018-07-13 14:00
Modified
2024-08-05 09:21
Summary
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:21:41.010Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190509 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/May/18", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ 
"mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { name: "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/twbs/bootstrap/pull/26630", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/twbs/bootstrap/issues/26423", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/twbs/bootstrap/issues/26628", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-07-13T00:00:00", descriptions: [ { lang: "en", value: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", }, ], problemTypes: [ { 
descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-22T17:06:33", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20190509 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/May/18", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { name: "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/twbs/bootstrap/pull/26630", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/twbs/bootstrap/issues/26423", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/twbs/bootstrap/issues/26628", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2021-14", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14042", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.", }, ], }, problemtype: { problemtype_data: [ { description: 
[ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20190509 dotCMS v5.1.1 Vulnerabilities", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/May/18", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { name: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { name: "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new 
pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://github.com/twbs/bootstrap/pull/26630", refsource: "MISC", url: "https://github.com/twbs/bootstrap/pull/26630", }, { name: "https://github.com/twbs/bootstrap/issues/26423", refsource: "MISC", url: "https://github.com/twbs/bootstrap/issues/26423", }, { name: "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", refsource: "MISC", url: "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", }, { name: "https://github.com/twbs/bootstrap/issues/26628", refsource: "MISC", url: "https://github.com/twbs/bootstrap/issues/26628", }, { name: "https://www.tenable.com/security/tns-2021-14", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2021-14", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14042", datePublished: "2018-07-13T14:00:00", dateReserved: "2018-07-13T00:00:00", dateUpdated: "2024-08-05T09:21:41.010Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.