Bootstrap Cross-site Scripting vulnerability

GHSA-7mvr-5x2g-wfc8 · CVE-2018-14042

Published Sep 13, 2018 · Modified Jun 8, 2026

Description

In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.

References

6.1 / 10

MEDIUM CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Packages

Maven/org.webjars:bootstrap

Fix 3.4.0, 4.1.2

Introduced 2.3.0, 4.0.0

32 affected versions

2.3.02.3.12.3.1-12.3.23.0.03.0.0-rc.23.0.0-rc13.0.13.0.23.0.33.1.03.1.13.1.1-13.1.1-23.2.03.2.0-13.2.0-23.3.03.3.13.3.2 +12 more

NuGet/bootstrap

Fix 3.4.0, 4.1.2

Introduced 2.3.0, 4.0.0

22 affected versions

2.3.12.3.23.0.03.0.13.0.23.0.33.1.03.1.13.2.03.3.03.3.13.3.23.3.43.3.53.3.63.3.6-jQuery33.3.6.13.3.74.0.04.1.0 +2 more

NuGet/bootstrap.sass

Fix 4.1.2

Introduced 4.0.0

4 affected versions

4.0.04.1.04.1.14.1.1-contentFiles

Packagist/twbs/bootstrap

Fix 3.4.0, 4.1.2

Introduced 2.3.0, 4.0.0

22 affected versions

v2.3.0v2.3.1v2.3.2v3.0.0v3.0.0-rc.2v3.0.0-rc1v3.0.1v3.0.2v3.0.3v3.1.0v3.1.1v3.2.0v3.3.0v3.3.1v3.3.2v3.3.4v3.3.5v3.3.6v3.3.7v4.0.0 +2 more

RubyGems/bootstrap

Fix 3.4.0, 4.1.2

Introduced 2.3.0, 4.0.0

3 affected versions

4.0.04.1.04.1.1

RubyGems/bootstrap-sass

Fix 3.4.0

Introduced 2.3.0

33 affected versions

2.3.0.02.3.0.12.3.1.02.3.1.22.3.1.32.3.2.02.3.2.12.3.2.23.0.0.03.0.0.0.rc3.0.0.0.rc23.0.1.03.0.1.0.rc3.0.2.03.0.2.13.0.3.03.1.0.03.1.0.13.1.0.23.1.1.0 +13 more

npm/bootstrap

Fix 3.4.0, 4.1.2

Introduced 2.3.0, 4.0.0

npm/bootstrap-sass

Fix 3.4.0

Introduced 2.0.4

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes