CVE-2018-14042

Published: 13/07/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

In Bootstrap prior to 4.1.2, XSS is possible in the data-container property of tooltip.

Vulnerable Product

getbootstrap bootstrap

getbootstrap bootstrap 4.0.0

Vendor Advisories

Debian Bug report logs - #907414 twitter-bootstrap3: CVE-2018-14040 CVE-2018-14041 CVE-2018-14042. Package: twitter-bootstrap3; Maintainer for twitter-bootstrap3 is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Reported by: Antoine Beaupre <anarcat@debian.org>; Date: Mon, 27 Aug 2018 18:3 ...
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed (CVE-2015-9251). In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability t ...
Synopsis: Moderate: python-XStatic-Bootstrap-SCSS security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Com ...
Synopsis: Important: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update. Type/Severity: Security Advisory: Important. Topic: A new image is available for Red Hat Single Sign-On 7.6.2, running on Red Hat OpenShift Container Platform from the release of 3.11 up to the release of 4.12.0. Red Hat Product Security has rated t ...
Synopsis: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of M ...
Synopsis: Moderate: ipa security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CV ...
Synopsis: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 8. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 8. Red H ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for ...
Synopsis: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 7. Red Hat ...
Synopsis: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 9. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 9. Red Hat ...
Synopsis: Important: Red Hat Single Sign-On 7.6.2 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a se ...
Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact of the ...

Mailing Lists

Full Disclosure mailing list archives: dotCMS v5.1.1 Vulnerabilities. From: John Martinelli <john () ...

Github Repositories

Vulnerability Report of the New Jersey official site

https-nj.gov---CVE-2018-14042: Vulnerability Report of the New Jersey official site. In Bootstrap prior to 4.1.2, XSS is possible in the main collapse data attribute. The data-target attribute, the data-parent attribute and the data-container are vulnerable to Cross-Site Scripting attacks. <script src="ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js" ...

References

CWE-79
https://github.com/twbs/bootstrap/pull/26630
https://github.com/twbs/bootstrap/issues/26628
https://github.com/twbs/bootstrap/issues/26423
https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
https://seclists.org/bugtraq/2019/May/18
http://seclists.org/fulldisclosure/2019/May/13
http://seclists.org/fulldisclosure/2019/May/11
http://seclists.org/fulldisclosure/2019/May/10
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.tenable.com/security/tns-2021-14
https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
https://nvd.nist.gov
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907414
https://github.com/korestreet/https-nj.gov---CVE-2018-14042
https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-02
https://alas.aws.amazon.com/AL2/ALAS-2020-1519.html