CVE-2018-14040
Summary
| CVE | CVE-2018-14040 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-13 14:29:00 UTC |
| Updated | 2023-11-07 02:52:00 UTC |
| Description | In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Application | Getbootstrap | Bootstrap | All | All | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | alpha | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | alpha2 | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | alpha3 | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | alpha4 | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | alpha5 | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | alpha6 | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | beta | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | beta2 | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | beta3 | All | All |
| Application | Getbootstrap | Bootstrap | All | All | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | alpha | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | alpha2 | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | alpha3 | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | alpha4 | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | alpha5 | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | alpha6 | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | beta | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | beta2 | All | All |
| Application | Getbootstrap | Bootstrap | 4.0.0 | beta3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | lists.apache.org | ||
| [SECURITY] [DLA 1479-1] twitter-bootstrap3 security update | MLIST | lists.debian.org | Third Party Advisory |
| dotCMS 5.1.1 Vulnerable Dependencies ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | lists.apache.org | ||
| Fix xss in tooltip, collapse and scrollspy plugins by Johann-S · Pull Request #26630 · twbs/bootstrap · GitHub | MISC | github.com | Issue Tracking, Patch, Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| v4.1.2 ship list · Issue #26423 · twbs/bootstrap · GitHub | MISC | github.com | Issue Tracking, Third Party Advisory |
| Full Disclosure: dotCMS v5.1.1 HTML Injection & XSS Vulnerability | FULLDISC | seclists.org | |
| [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® | CONFIRM | www.tenable.com | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | lists.apache.org | ||
| OctoberCMS Insecure Dependencies ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Pony Mail! | lists.apache.org | ||
| Pony Mail! | MLIST | lists.apache.org | |
| Full Disclosure: dotCMS v5.1.1 Vulnerabilities | FULLDISC | seclists.org | |
| Full Disclosure: Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability | FULLDISC | seclists.org | |
| XSS possible in collapse data-parent attribute · Issue #26625 · twbs/bootstrap · GitHub | MISC | github.com | Exploit, Issue Tracking, Third Party Advisory |
| Bugtraq: dotCMS v5.1.1 Vulnerabilities | BUGTRAQ | seclists.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| Oracle Critical Patch Update Advisory - April 2021 | MISC | www.oracle.com | |
| Pony Mail! | lists.apache.org | ||
| Bootstrap 4.1.2 · Bootstrap Blog | MISC | blog.getbootstrap.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159652 Oracle Enterprise Linux Security Update for idm:dl1 and idm:client (ELSA-2020-4670)
- 159679 Oracle Enterprise Linux Security Update for pki-core:10.6 and pki-deps:10.6 (ELSA-2020-4847)
- 241153 Red Hat Update for JBoss Enterprise Application Platform 7.4.9 (RHSA-2023:0554)
- 241154 Red Hat Update for JBoss Enterprise Application Platform 7.4.9 (RHSA-2023:0552)
- 241155 Red Hat Update for JBoss Enterprise Application Platform 7.4.9 (RHSA-2023:0553)
- 376094 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Bootstrap Vulnerability (K48382137)
- 377492 Alibaba Cloud Linux Security Update for ipa (ALINUX2-SA-2020:0169)
- 590764 Mitsubishi Electric EcoWebServerIII Multiple Vulnerabilities (ICSA-22-055-02)
- 590808 Mitsubishi Electric EcoWebServerIII Multiple Vulnerabilities (ICSA-22-055-02)
- 905396 Common Base Linux Mariner (CBL-Mariner) Security Update for reaper (13232)
- 905461 Common Base Linux Mariner (CBL-Mariner) Security Update for boost (13316)
- 906806 Common Base Linux Mariner (CBL-Mariner) Security Update for reaper (13232-1)
- 940071 AlmaLinux Security Update for idm:DL1 and idm:client (ALSA-2020:4670)
- 940348 AlmaLinux Security Update for pki-core:10.6 and pki-deps:10.6 (ALSA-2020:4847)
- 960340 Rocky Linux Security Update for idm:DL1 and idm:client (RLSA-2020:4670)
- 960454 Rocky Linux Security Update for pki-core:10.6 and pki-deps:10.6 (RLSA-2020:4847)