First published: Fri Aug 10 2018(Updated: )
Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the affix configuration target property. A remote attacker could exploit this vulnerability to execute script in a victim''s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/ipa | <0:4.6.8-5.el7 | 0:4.6.8-5.el7 |
redhat/ovirt-engine-api-explorer | <0:0.0.4-1.el7e | 0:0.0.4-1.el7e |
redhat/ovirt-engine-api-explorer | <0:0.0.5-1.el7e | 0:0.0.5-1.el7e |
redhat/ovirt-engine-ui-extensions | <0:1.0.10-1.el7e | 0:1.0.10-1.el7e |
Getbootstrap Bootstrap | <3.4.0 | |
redhat/bootstrap | <3.4.0 | 3.4.0 |
nuget/bootstrap | <3.4.0 | 3.4.0 |
rubygems/bootstrap-sass | <3.4.0 | 3.4.0 |
rubygems/bootstrap | <3.4.0 | 3.4.0 |
maven/org.webjars:bootstrap | <3.4.0 | 3.4.0 |
composer/twbs/bootstrap | <3.4.0 | 3.4.0 |
npm/bootstrap-sass | <3.4.0 | 3.4.0 |
npm/bootstrap | <3.4.0 | 3.4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2018-20677 is a vulnerability in Bootstrap before 3.4.0 that allows for cross-site scripting (XSS) attacks.
The severity of CVE-2018-20677 is medium with a CVSS score of 6.1.
An attacker can exploit CVE-2018-20677 by injecting malicious scripts into a victim's web browser through the affix configuration target property.
Yes, updating Bootstrap to version 3.4.0 or above will fix the vulnerability.
You can find more information about CVE-2018-20677 at the following links: [CVE-2018-20677](https://www.cve.org/CVERecord?id=CVE-2018-20677), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2018-20677), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1668089), [Red Hat Advisory](https://access.redhat.com/errata/RHSA-2020:0133).