MitreCVE-2018-14041

HistoryJul 13, 2018 - 2:29 p.m.

CVE-2018-14041

2018-07-1314:29:00

CWE-79

mitre

web.nvd.nist.gov

206

cve-2018-14041

bootstrap

xss

data-target property

scrollspy

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.

Affected configurations

Nvd

Node

getbootstrapbootstrapRange4.0.0–4.1.2

getbootstrapbootstrapMatch4.0.0alpha

getbootstrapbootstrapMatch4.0.0alpha2

getbootstrapbootstrapMatch4.0.0alpha3

getbootstrapbootstrapMatch4.0.0alpha4

getbootstrapbootstrapMatch4.0.0alpha5

getbootstrapbootstrapMatch4.0.0alpha6

getbootstrapbootstrapMatch4.0.0beta

getbootstrapbootstrapMatch4.0.0beta2

getbootstrapbootstrapMatch4.0.0beta3

VendorProductVersionCPE
getbootstrapbootstrap*cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*
getbootstrapbootstrap4.0.0cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
getbootstrapbootstrap4.0.0cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
getbootstrapbootstrap4.0.0cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
getbootstrapbootstrap4.0.0cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
getbootstrapbootstrap4.0.0cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
getbootstrapbootstrap4.0.0cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
getbootstrapbootstrap4.0.0cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
getbootstrapbootstrap4.0.0cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
getbootstrapbootstrap4.0.0cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*

Vendor	Product	Version	CPE
getbootstrap	bootstrap	*	cpe:2.3:a:getbootstrap:bootstrap::::::::
getbootstrap	bootstrap	4.0.0	cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha::::::
getbootstrap	bootstrap	4.0.0	cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2::::::
getbootstrap	bootstrap	4.0.0	cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3::::::
getbootstrap	bootstrap	4.0.0	cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4::::::
getbootstrap	bootstrap	4.0.0	cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5::::::
getbootstrap	bootstrap	4.0.0	cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6::::::
getbootstrap	bootstrap	4.0.0	cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta::::::
getbootstrap	bootstrap	4.0.0	cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2::::::
getbootstrap	bootstrap	4.0.0	cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3::::::