CVE-2019-8331
Summary
| CVE | CVE-2019-8331 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-02-20 16:29:00 UTC |
| Updated | 2023-11-07 03:13:00 UTC |
| Description | In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | F5 | Big-ip Access Policy Manager | All | All | All | All |
| Application | F5 | Big-ip Advanced Firewall Manager | All | All | All | All |
| Application | F5 | Big-ip Analytics | All | All | All | All |
| Application | F5 | Big-ip Application Acceleration Manager | All | All | All | All |
| Application | F5 | Big-ip Application Security Manager | All | All | All | All |
| Application | F5 | Big-ip Domain Name System | All | All | All | All |
| Application | F5 | Big-ip Edge Gateway | All | All | All | All |
| Application | F5 | Big-ip Fraud Protection Service | All | All | All | All |
| Application | F5 | Big-ip Global Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Link Controller | All | All | All | All |
| Application | F5 | Big-ip Local Traffic Manager | All | All | All | All |
| Application | F5 | Big-ip Policy Enforcement Manager | All | All | All | All |
| Application | F5 | Big-ip Webaccelerator | All | All | All | All |
| Application | Getbootstrap | Bootstrap | All | All | All | All |
| Application | Redhat | Virtualization Manager | 4.3 | All | All | All |
| Application | Tenable | Tenable.sc | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Pony Mail! | | lists.apache.org | |
| Pony Mail! | | lists.apache.org | |
| Pony Mail! | | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | Exploit, Mailing List, Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | Mailing List, Third Party Advisory |
| Pony Mail! | | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | Mailing List, Third Party Advisory |
| Release v4.3.1 · twbs/bootstrap · GitHub | MISC | github.com | Release Notes, Third Party Advisory |
| Bootstrap CVE-2019-8331 Cross Site Scripting Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Full Disclosure: dotCMS v5.1.1 HTML Injection & XSS Vulnerability | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory \| Tenable® | CONFIRM | www.tenable.com | |
| Pony Mail! | MLIST | lists.apache.org | Mailing List, Third Party Advisory |
| Pony Mail! | | lists.apache.org | |
| OctoberCMS Insecure Dependencies ≈ Packet Storm | MISC | packetstormsecurity.com | Third Party Advisory, VDB Entry |
| Pony Mail! | | lists.apache.org | |
| Pony Mail! | | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | Mailing List, Third Party Advisory |
| Pony Mail! | | lists.apache.org | |
| Full Disclosure: dotCMS v5.1.1 Vulnerabilities | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| support.f5.com/csp/article/K24383845 | CONFIRM | support.f5.com | Third Party Advisory |
| Full Disclosure: Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | Mailing List, Third Party Advisory |
| Bootstrap 3.4.1 and 4.3.1 \| Bootstrap Blog | CONFIRM | blog.getbootstrap.com | Vendor Advisory |
| myF5 | | support.f5.com | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| support.f5.com/csp/article/K24383845 | CONFIRM | support.f5.com | Third Party Advisory |
| Release v3.4.1 · twbs/bootstrap · GitHub | MISC | github.com | Product, Third Party Advisory |
| sanitize template option for tooltip/popover plugins by Johann-S · Pull Request #28236 · twbs/bootstrap · GitHub | MISC | github.com | Issue Tracking, Patch, Third Party Advisory |
| Pony Mail! | | lists.apache.org | |
| Bugtraq: dotCMS v5.1.1 Vulnerabilities | BUGTRAQ | seclists.org | Mailing List, Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | Mailing List, Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | Exploit, Mailing List, Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | Mailing List, Third Party Advisory |
| Oracle Critical Patch Update Advisory - April 2021 | MISC | www.oracle.com | |
| Pony Mail! | MLIST | lists.apache.org | Exploit, Mailing List, Third Party Advisory |
| Pony Mail! | | lists.apache.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159652 Oracle Enterprise Linux Security Update for idm:dl1 and idm:client (ELSA-2020-4670)
- 159679 Oracle Enterprise Linux Security Update for pki-core:10.6 and pki-deps:10.6 (ELSA-2020-4847)
- 240999 Red Hat Update for red hat openstack 16.2.4 (python-xstatic-bootstrap-scss) (RHSA-2022:8848)
- 241000 Red Hat Update for red hat openstack 16.1.9 (python-xstatic-bootstrap-scss) (RHSA-2022:8865)
- 241153 Red Hat Update for JBoss Enterprise Application Platform 7.4.9 (RHSA-2023:0554)
- 241154 Red Hat Update for JBoss Enterprise Application Platform 7.4.9 (RHSA-2023:0552)
- 241155 Red Hat Update for JBoss Enterprise Application Platform 7.4.9 (RHSA-2023:0553)
- 377492 Alibaba Cloud Linux Security Update for ipa (ALINUX2-SA-2020:0169)
- 590764 Mitsubishi Electric EcoWebServerIII Multiple Vulnerabilities (ICSA-22-055-02)
- 590808 Mitsubishi Electric EcoWebServerIII Multiple Vulnerabilities (ICSA-22-055-02)
- 940071 AlmaLinux Security Update for idm:DL1 and idm:client (ALSA-2020:4670)
- 940348 AlmaLinux Security Update for pki-core:10.6 and pki-deps:10.6 (ALSA-2020:4847)
- 960340 Rocky Linux Security Update for idm:DL1 and idm:client (RLSA-2020:4670)
- 960454 Rocky Linux Security Update for pki-core:10.6 and pki-deps:10.6 (RLSA-2020:4847)
- 983481 Nodejs (npm) Security Update for bootstrap-sass (GHSA-wh77-3x4m-4q9g)
- 983482 Dotnet (nuget) Security Update for Bootstrap.Less (GHSA-fxwm-579q-49qq)