GHSA-7mvr-5x2g-wfc8

Source

https://github.com/advisories/GHSA-7mvr-5x2g-wfc8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-7mvr-5x2g-wfc8/GHSA-7mvr-5x2g-wfc8.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7mvr-5x2g-wfc8

Aliases

CVE-2018-14042

Published

2018-09-13T15:50:32Z

Modified

2024-03-09T05:19:42.794978Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Bootstrap Cross-site Scripting vulnerability

Details

In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.

References

Affected packages

RubyGems / bootstrap

Package

Name: bootstrap
Purl: pkg:gem/bootstrap

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.1.2

Affected versions

4.*

4.0.0

4.1.0

4.1.1

RubyGems / bootstrap

Package

Name: bootstrap
Purl: pkg:gem/bootstrap

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3.0

Fixed

3.4.0

npm / bootstrap

Package

Name: bootstrap; View open source insights on deps.dev
Purl: pkg:npm/bootstrap

Affected ranges

Type: SEMVER
Events: Introduced

4.0.0

Fixed

4.1.2

npm / bootstrap

Package

Name: bootstrap; View open source insights on deps.dev
Purl: pkg:npm/bootstrap

Affected ranges

Type: SEMVER
Events: Introduced

2.3.0

Fixed

3.4.0