CVE-2018-14040

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Bootstrap versions 2.3.0 through 3.4.0 Bootstrap versions 4.0.0 through 4.1.1

Description The issue allows for XSS in the collapse data-parent attribute.

Recommendations For Bootstrap versions 2.3.0 through 3.4.0, update to version 3.4.0 or later. For Bootstrap versions 4.0.0 through 4.1.1, update to version 4.1.2 or later. As a temporary workaround, consider restricting the use of the collapse data-parent attribute until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALSA-2020:4670

ALSA-2025_16880

AZL-13232

AZL-43750

AZL-44334

CESA-2020_3936

CESA-2020_4670

CESA-2020_4847

CVE-2018-14040

DLA-1479-1

GHSA-3WQF-4X89-9G79

RHSA-2020:3936

RHSA-2020:4670

RHSA-2020:4847

RHSA-2020_3936

RHSA-2020_4670

RHSA-2020_4847

RHSA-2023:0552

RHSA-2023:0553

RHSA-2023:0554

RHSA-2023:1043

RHSA-2023:1044

RHSA-2023:1045

RLSA-2020:4670

RLSA-2020:4847

Affected Products

Almalinux

Bootstrap

Centos

Red Hat

Rocky Linux

CVE-2018-14040

Weakness Enumeration

Related Identifiers

Affected Products

References · 159