CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-20677 – bootstrap: XSS in the affix configuration target property
https://notcve.org/view.php?id=CVE-2018-20677
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. En Bootstrap, en versiones anteriores a la 3.4.0, Cross-Site Scripting (XSS) es posible en la propiedad "affix" en la configuración. A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials. • https://github.com/ossf-cve-benchmark/CVE-2018-20677 https://access.redhat.com/errata/RHBA-2019:1076 https://access.redhat.com/errata/RHBA-2019:1570 https://access.redhat.com/errata/RHSA-2019:1456 https://access.redhat.com/errata/RHSA-2019:3023 https://access.redhat.com/errata/RHSA-2020:0132 https://access.redhat.com/errata/RHSA-2020:0133 https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0 https://github.com/twbs/bootstrap/issues/27045 https://github.com/t • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 3CVE-2018-14040 – bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
https://notcve.org/view.php?id=CVE-2018-14040
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. En Bootstrap en versiones anteriores a la 4.1.2, es posible Cross-Site Scripting (XSS) en el atributo collapse data-parent. • https://github.com/ossf-cve-benchmark/CVE-2018-14040 https://github.com/Snorlyd/https-nj.gov---CVE-2018-14040 http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html http://seclists.org/fulldisclosure/2019/May/10 http://seclists.org/fulldisclosure/2019/May/11 http://seclists.org/fulldisclosure/2019/May/13 https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2 https:// • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 3CVE-2018-14042 – bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
https://notcve.org/view.php?id=CVE-2018-14042
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. En Bootstrap en versiones anteriores a la 4.1.2, es posible Cross-Site Scripting (XSS) en la propiedad data-container de tooltip. • https://github.com/ossf-cve-benchmark/CVE-2018-14042 https://github.com/Snorlyd/https-nj.gov---CVE-2018-14042 http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html http://seclists.org/fulldisclosure/2019/May/10 http://seclists.org/fulldisclosure/2019/May/11 http://seclists.org/fulldisclosure/2019/May/13 https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2 https://github.com/twbs/bootstrap/issues/26423 https://github.com/twbs/bootstrap/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •