CVE-2018-14041

CVE	CVE-2018-14041
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-07-13 14:29:00 UTC
Updated	2023-11-07 02:52:00 UTC
Description	In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.

Problem Types: CWE-79

Type	Vendor	Product	Version	Update	Edition	Language
Application	Getbootstrap	Bootstrap	All	All	All	All
Application	Getbootstrap	Bootstrap	4.0.0	alpha	All	All
Application	Getbootstrap	Bootstrap	4.0.0	alpha2	All	All
Application	Getbootstrap	Bootstrap	4.0.0	alpha3	All	All
Application	Getbootstrap	Bootstrap	4.0.0	alpha4	All	All
Application	Getbootstrap	Bootstrap	4.0.0	alpha5	All	All
Application	Getbootstrap	Bootstrap	4.0.0	alpha6	All	All
Application	Getbootstrap	Bootstrap	4.0.0	beta	All	All
Application	Getbootstrap	Bootstrap	4.0.0	beta2	All	All
Application	Getbootstrap	Bootstrap	4.0.0	beta3	All	All
Application	Getbootstrap	Bootstrap	All	All	All	All
Application	Getbootstrap	Bootstrap	4.0.0	alpha	All	All
Application	Getbootstrap	Bootstrap	4.0.0	alpha2	All	All
Application	Getbootstrap	Bootstrap	4.0.0	alpha3	All	All
Application	Getbootstrap	Bootstrap	4.0.0	alpha4	All	All
Application	Getbootstrap	Bootstrap	4.0.0	alpha5	All	All
Application	Getbootstrap	Bootstrap	4.0.0	alpha6	All	All
Application	Getbootstrap	Bootstrap	4.0.0	beta	All	All
Application	Getbootstrap	Bootstrap	4.0.0	beta2	All	All
Application	Getbootstrap	Bootstrap	4.0.0	beta3	All	All

Reference	Source	Link	Tags
Pony Mail!		lists.apache.org
Pony Mail!		lists.apache.org
XSS possible in data-target property of scrollspy · Issue #26627 · twbs/bootstrap · GitHub	MISC	github.com	Exploit, Issue Tracking, Third Party Advisory
dotCMS 5.1.1 Vulnerable Dependencies ≈ Packet Storm	MISC	packetstormsecurity.com
Pony Mail!	MLIST	lists.apache.org
Fix xss in tooltip, collapse and scrollspy plugins by Johann-S · Pull Request #26630 · twbs/bootstrap · GitHub	MISC	github.com	Issue Tracking, Patch, Third Party Advisory
v4.1.2 ship list · Issue #26423 · twbs/bootstrap · GitHub	MISC	github.com	Issue Tracking, Third Party Advisory
Full Disclosure: dotCMS v5.1.1 HTML Injection & XSS Vulnerability	FULLDISC	seclists.org
Pony Mail!	MLIST	lists.apache.org
Pony Mail!		lists.apache.org
OctoberCMS Insecure Dependencies ≈ Packet Storm	MISC	packetstormsecurity.com
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Full Disclosure: dotCMS v5.1.1 Vulnerabilities	FULLDISC	seclists.org
Full Disclosure: Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability	FULLDISC	seclists.org
Red Hat Customer Portal	REDHAT	access.redhat.com
Bugtraq: dotCMS v5.1.1 Vulnerabilities	BUGTRAQ	seclists.org
Pony Mail!	MLIST	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Oracle Critical Patch Update Advisory - April 2021	MISC	www.oracle.com
Pony Mail!		lists.apache.org
Bootstrap 4.1.2 · Bootstrap Blog	MISC	blog.getbootstrap.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

241153 Red Hat Update for JBoss Enterprise Application Platform 7.4.9 (RHSA-2023:0554)
241154 Red Hat Update for JBoss Enterprise Application Platform 7.4.9 (RHSA-2023:0552)
241155 Red Hat Update for JBoss Enterprise Application Platform 7.4.9 (RHSA-2023:0553)
982265 Nodejs (npm) Security Update for bootstrap (GHSA-pj7m-g53m-7638)