Note:
This project will be discontinued after December 13, 2021. [more]
2019-01-09
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Products | Bootstrap |
Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
First patch | - None (likely due to unavailable code) |
Patches | https://github.com/twbs/bootstrap/pull/23687 |
Links |
• https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
• https://access.redhat.com/errata/RHSA-2019:1456 • https://access.redhat.com/errata/RHBA-2019:1076 • https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ • https://access.redhat.com/errata/RHSA-2019:3023 |