CVE-2019-8331

Published: 20/02/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 385
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

In Bootstrap prior to 3.4.1 and 4.3.x prior to 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Vulnerable Products

getbootstrap bootstrap

f5 big-ip local traffic manager

f5 big-ip application security manager

f5 big-ip access policy manager

f5 big-ip advanced firewall manager

f5 big-ip analytics

f5 big-ip application acceleration manager

f5 big-ip domain name system

f5 big-ip fraud protection service

f5 big-ip global traffic manager

f5 big-ip link controller

f5 big-ip policy enforcement manager

f5 big-ip webaccelerator

f5 big-ip edge gateway

redhat virtualization manager 4.3

tenable tenable.sc

Vendor Advisories

Impact: Moderate Public Date: 2019-02-11 CWE: CWE-79 Bugzilla: 1686454: CVE-2019-8331 bootstrap: XSS in ...
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed (CVE-2015-9251). In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta2, XSS is possible in the data-target attribute, a different vulnerability t ...
Synopsis: Moderate: python-XStatic-Bootstrap-SCSS security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Com ...
Synopsis: Moderate: Red Hat OpenStack 16.1.9 (python-XStatic-Bootstrap-SCSS) security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack ...
Synopsis: Moderate: Red Hat OpenStack 16.2.4 (python-XStatic-Bootstrap-SCSS) security update. Type/Severity: Security Advisory: Moderate. Topic: An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack ...
Synopsis: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security ...
Synopsis: Important: Red Hat Fuse 7.11.1 release and security update. Type/Severity: Security Advisory: Important. Topic: A minor version update (from 7.11 to 7.11.1) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this updat ...
Synopsis: Moderate: Red Hat Single Sign-On 7.3.2 security update. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerab ...
Synopsis: Moderate: ovirt-engine-ui-extensions security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for ovirt-engine-ui-extensions is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A ...
Synopsis: Moderate: ovirt-web-ui security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for ovirt-web-ui is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for ...
Synopsis: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a se ...
Synopsis: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of M ...
Synopsis: Moderate: ipa security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CV ...
Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact of the ...

Mailing Lists

There's a screenshot available on my blog link above: demo.dotcms.com/html/portlet/ext/files/edit_text_inc.jsp?referer=%22%3EHTML%20Code%20Injection%20Here%20and%20XSS%20Vulnerability%20%3Cbr%3E%3Cbr%3E There are more unconfirmed vulnerabilities in dotCMS. On 5/9/19 9:11 AM, John Martinelli wrote: ...
On 5/9/19 11:29 AM, John Martinelli wrote: Sent through the Full Disclosure mailing list nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: seclists.org/fulldisclosure/ ...
Hello, The details: /ROOT/html/js/scriptaculous/prototype.js ↳ prototype.js 1.5.0 ROOT/assets/3/6/36c22c5d-c813-4869-a4b7-fcc10a74e8b6/fileAsset/jquery.min.js ↳ jquery 1.9.1 ROOT/assets/5/1/515cba4e-ac64-4523-b683-8e38329e7f46/fileAsset/bootstrap.min.js ↳ bootstrap 3.2.0 ROOT/assets/9/9/99c7ffe7-e1c2-407f-85b7-ec483dbcf6f1/fileAs ...

Github Repositories

Pronto runner for bundler-audit, patch-level verification for bundler.

Maintainer needed. Unfortunately, I (@pdobb) am no longer working on any projects and, therefore, don't have a good way to test fixes. There are probably numerous fixes needed right now as pronto 0.11.0 has been recently released, and since there is no proper API for using pronto's internals, each update to pronto will likely mean breaking changes in gems such as this o

Vulnearability Report of the New Jersey official site

https-njgov---CVE-2019-8331 Vulnearability Report of the New Jersey official site. Bootstrap 4.0.0 found in maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js. Vulnerability info: Medium 28236 XSS in data-template, data-content and data-title properties of tooltip/popover, CVE-2019-8331. Versions of bootstrap prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulne

This project provides an HTTP tunnel connection. It contains a server that receives HTTP connections and delivers them to the desired target, but with the IP address of the current host (the whitelisted host).

HTTP Tunnel. This project provides an HTTP tunnel connection. The project contains a server that receives HTTP connections and delivers them to the desired target, but with the IP address of the current host (the whitelisted host). Purpose: some API services work with an IP whitelist, and during development it is necessary to connect to this API. The idea of this project is to provide the wa

CVE-2019-8331 vulnerability

Eng Explanation: CVE-2019-8331 is a Cross-Site Scripting (XSS) security vulnerability found in Bootstrap, a JavaScript library widely used in developing websites and app

File structure: Symfony: API server; angular: frontend framework. Requirements: you will find a README file in each directory describing the requirements. TODO: move the app to Docker containers; cover all API routes with functional tests; fix vulnerability issue track number CVE-2019-8331 with frontend.

This GitHub Action runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.

Checkov GitHub action This GitHub Action runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues Example usage for IaC and SCA name: checkov # Controls when the workflow will run on: # Triggers the workflow on push or pull request events but on

GitHub Action that runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues. Copied from https://github.com/bridgecrewio/checkov-action

References

CWE-79
https://github.com/twbs/bootstrap/releases/tag/v4.3.1
https://github.com/twbs/bootstrap/pull/28236
http://www.securityfocus.com/bid/107375
https://github.com/twbs/bootstrap/releases/tag/v3.4.1
https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/
https://support.f5.com/csp/article/K24383845
https://seclists.org/bugtraq/2019/May/18
http://seclists.org/fulldisclosure/2019/May/13
http://seclists.org/fulldisclosure/2019/May/11
http://seclists.org/fulldisclosure/2019/May/10
https://access.redhat.com/errata/RHSA-2019:1456
https://access.redhat.com/errata/RHSA-2019:3023
https://access.redhat.com/errata/RHSA-2019:3024
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.tenable.com/security/tns-2021-14
https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
https://support.f5.com/csp/article/K24383845?utm_source=f5support&%3Butm_medium=RSS
https://nvd.nist.gov
https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-02
https://github.com/pdobb/pronto-bundler_audit
https://access.redhat.com/security/cve/cve-2019-8331