CVE-2019-8331

Published: 20/02/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 385
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

In Bootstrap prior to 3.4.1 and 4.3.x prior to 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Vulnerable Product

getbootstrap bootstrap

f5 big-ip local traffic manager

f5 big-ip application security manager

f5 big-ip access policy manager

f5 big-ip advanced firewall manager

f5 big-ip analytics

f5 big-ip application acceleration manager

f5 big-ip domain name system

f5 big-ip fraud protection service

f5 big-ip global traffic manager

f5 big-ip link controller

f5 big-ip policy enforcement manager

f5 big-ip webaccelerator

f5 big-ip edge gateway

redhat virtualization manager 4.3

tenable tenable.sc

Vendor Advisories

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed (CVE-2015-9251). In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability t ...
Synopsis: Moderate: python-XStatic-Bootstrap-SCSS security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Com ...
Synopsis: Moderate: Red Hat OpenStack 16.2.4 (python-XStatic-Bootstrap-SCSS) security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack ...
Synopsis: Moderate: Red Hat OpenStack 16.1.9 (python-XStatic-Bootstrap-SCSS) security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack ...
Synopsis: Moderate: ovirt-engine-ui-extensions security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for ovirt-engine-ui-extensions is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A ...
Synopsis: Moderate: ovirt-web-ui security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for ovirt-web-ui is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring ...
Synopsis: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of M ...
Synopsis: Moderate: ipa security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CV ...
Synopsis: Moderate: Red Hat Single Sign-On 7.3.2 security update. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerab ...
Synopsis: Important: Red Hat Fuse 7.11.1 release and security update. Type/Severity: Security Advisory: Important. Topic: A minor version update (from 7.11 to 7.11.1) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this updat ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for ...
Synopsis: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a se ...
Impact: Moderate. Public Date: 2019-02-11. CWE: CWE-79. Bugzilla: 1686454: CVE-2019-8331 bootstrap: XSS in ...
Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact of the ...

Mailing Lists

Full Disclosure mailing list archives: dotCMS v5.1.1 Vulnerabilities. From: John Martinelli <john () ...

Github Repositories

Pronto runner for bundler-audit, patch-level verification for bundler.

Maintainer needed. Unfortunately, I (@pdobb) am no longer working on any projects and, therefore, don't have a good way to test fixes. There are probably numerous fixes needed right now as pronto 0.11.0 has been recently released and since there is no proper API for using pronto's internals, each update to pronto will likely mean breaking changes in gems such as this o

Vulnerability Report of the New Jersey official site

https-njgov---CVE-2019-8331: Vulnerability Report of the New Jersey official site. Bootstrap 4.0.0 found in maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js. Vulnerability info: Medium, 28236, XSS in data-template, data-content and data-title properties of tooltip/popover, CVE-2019-8331. Versions of bootstrap prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulne

This project provides an HTTP tunnel connection. It contains a server that can receive HTTP connections and deliver them to the desired target, but with the IP of the current host (whitelisted host).

HTTP Tunnel. This project provides an HTTP tunnel connection. The project contains a server that can receive HTTP connections and deliver them to the desired target, but with the IP of the current host (whitelisted host). Purpose: Some API services work with an IP whitelist, and during the development process it is necessary to connect to this API. The idea of this project is provide the wa

CVE-2019-8331 vulnerability

Eng Explanation: CVE-2019-8331 is a Cross-Site Scripting (XSS) security vulnerability found in Bootstrap, a JavaScript library widely used in developing websites and

File Structure: Symfony: API server; angular: frontend framework. Requirements: You will find a README file in each directory describing the requirements. TODO: Move the app to docker containers; cover all API routes with functional tests; fix vulnerability issue track number CVE-2019-8331 with frontend

References

CWE-79
https://github.com/twbs/bootstrap/releases/tag/v4.3.1
https://github.com/twbs/bootstrap/pull/28236
http://www.securityfocus.com/bid/107375
https://github.com/twbs/bootstrap/releases/tag/v3.4.1
https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/
https://support.f5.com/csp/article/K24383845
https://seclists.org/bugtraq/2019/May/18
http://seclists.org/fulldisclosure/2019/May/13
http://seclists.org/fulldisclosure/2019/May/11
http://seclists.org/fulldisclosure/2019/May/10
https://access.redhat.com/errata/RHSA-2019:1456
https://access.redhat.com/errata/RHSA-2019:3023
https://access.redhat.com/errata/RHSA-2019:3024
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.tenable.com/security/tns-2021-14
https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
https://nvd.nist.gov
https://alas.aws.amazon.com/AL2/ALAS-2020-1519.html
https://github.com/pdobb/pronto-bundler_audit
https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-02