CVE-2018-14041 – bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy
https://notcve.org/view.php?id=CVE-2018-14041
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials.
• https://github.com/ossf-cve-benchmark/CVE-2018-14041
• https://github.com/Snorlyd/https-nj.gov---CVE-2018-14041
• http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
• http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
• http://seclists.org/fulldisclosure/2019/May/10
• http://seclists.org/fulldisclosure/2019/May/11
• http://seclists.org/fulldisclosure/2019/May/13
• https://access.redhat.com/errata/RHSA-2019:1456
• https://blog.getbootstrap
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-14040 – bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
https://notcve.org/view.php?id=CVE-2018-14040
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
• https://github.com/ossf-cve-benchmark/CVE-2018-14040
• https://github.com/Snorlyd/https-nj.gov---CVE-2018-14040
• http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
• http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
• http://seclists.org/fulldisclosure/2019/May/10
• http://seclists.org/fulldisclosure/2019/May/11
• http://seclists.org/fulldisclosure/2019/May/13
• https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
• https://
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-14042 – bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
https://notcve.org/view.php?id=CVE-2018-14042
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
• https://github.com/ossf-cve-benchmark/CVE-2018-14042
• https://github.com/Snorlyd/https-nj.gov---CVE-2018-14042
• http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
• http://seclists.org/fulldisclosure/2019/May/10
• http://seclists.org/fulldisclosure/2019/May/11
• http://seclists.org/fulldisclosure/2019/May/13
• https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
• https://github.com/twbs/bootstrap/issues/26423
• https://github.com/twbs/bootstrap/issues/2
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')