First published: Tue May 29 2018
A flaw was found in Bootstrap from version 4.0 and before 4.1.2: cross-site scripting (XSS) is possible via the data-container property of the tooltip component.
References: https://github.com/twbs/bootstrap/issues/26628
Upstream Patch: https://github.com/twbs/bootstrap/pull/26630
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/ipa | <0:4.6.8-5.el7 | 0:4.6.8-5.el7 |
redhat/eap7-hal-console | <0:3.3.16-1.Final_redhat_00001.1.el8ea | 0:3.3.16-1.Final_redhat_00001.1.el8ea |
redhat/eap7-hal-console | <0:3.3.16-1.Final_redhat_00001.1.el9ea | 0:3.3.16-1.Final_redhat_00001.1.el9ea |
redhat/eap7-hal-console | <0:3.3.16-1.Final_redhat_00001.1.el7ea | 0:3.3.16-1.Final_redhat_00001.1.el7ea |
redhat/rh-sso7-keycloak | <0:18.0.6-1.redhat_00001.1.el7 | 0:18.0.6-1.redhat_00001.1.el7 |
redhat/rh-sso7-keycloak | <0:18.0.6-1.redhat_00001.1.el8 | 0:18.0.6-1.redhat_00001.1.el8 |
redhat/rh-sso7-keycloak | <0:18.0.6-1.redhat_00001.1.el9 | 0:18.0.6-1.redhat_00001.1.el9 |
Getbootstrap Bootstrap | <3.4.0 | |
Getbootstrap Bootstrap | >=4.0.0<4.1.2 | |
Getbootstrap Bootstrap | =4.0.0-alpha | |
Getbootstrap Bootstrap | =4.0.0-alpha2 | |
Getbootstrap Bootstrap | =4.0.0-alpha3 | |
Getbootstrap Bootstrap | =4.0.0-alpha4 | |
Getbootstrap Bootstrap | =4.0.0-alpha5 | |
Getbootstrap Bootstrap | =4.0.0-alpha6 | |
Getbootstrap Bootstrap | =4.0.0-beta | |
Getbootstrap Bootstrap | =4.0.0-beta2 | |
Getbootstrap Bootstrap | =4.0.0-beta3 | |
redhat/bootstrap | <4.1.2 | 4.1.2 |
redhat/bootstrap | <3.4.1 | 3.4.1 |
nuget/bootstrap.sass | >=4.0.0<4.1.2 | 4.1.2 |
npm/bootstrap-sass | >=2.0.4<3.4.0 | 3.4.0 |
rubygems/bootstrap-sass | >=2.3.0<3.4.0 | 3.4.0 |
nuget/bootstrap | >=2.3.0<3.4.0 | 3.4.0 |
nuget/bootstrap | >=4.0.0<4.1.2 | 4.1.2 |
composer/twbs/bootstrap | >=2.3.0<3.4.0 | 3.4.0 |
composer/twbs/bootstrap | >=4.0.0<4.1.2 | 4.1.2 |
maven/org.webjars:bootstrap | >=2.3.0<3.4.0 | 3.4.0 |
maven/org.webjars:bootstrap | >=4.0.0<4.1.2 | 4.1.2 |
npm/bootstrap | >=2.3.0<3.4.0 | 3.4.0 |
npm/bootstrap | >=4.0.0<4.1.2 | 4.1.2 |
rubygems/bootstrap | >=2.3.0<3.4.0 | 3.4.0 |
rubygems/bootstrap | >=4.0.0<4.1.2 | 4.1.2 |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 | |
The vulnerability ID for this Bootstrap vulnerability is CVE-2018-14042.
The severity of CVE-2018-14042 is medium.
Versions up to and excluding 4.1.2 of Bootstrap are affected by CVE-2018-14042.
To fix CVE-2018-14042, update Bootstrap to version 4.1.2 or later.
The Common Weakness Enumeration (CWE) ID for CVE-2018-14042 is CWE-79.