PT-2019-5358 · Twitter+4 · Bootstrap+4

Don-Spyker · Published 2019-01-09 · Updated 2025-09-29 · CVE-2018-20676

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Bootstrap versions prior to 3.4.0

Description

The issue is related to the tooltip component of the Bootstrap toolkit, which fails to properly protect the structure of web pages. This can be exploited by a remote attacker to perform cross-site scripting attacks.

Recommendations

For versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the tooltip component until a patch is available. Avoid using the data-viewport attribute in the affected tooltip component until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

ALSA-2020:4670
ALSA-2025_16880
BDU:2020-02565
CESA-2020_3936
CESA-2020_4670
CVE-2018-20676
GHSA-3MGP-FX93-9XV5
RHSA-2019:3023
RHSA-2020:3936
RHSA-2020:4670
RHSA-2020:5571
RHSA-2020_3936
RHSA-2020_4670
RHSA-2023:5693
RLSA-2020:4670

Affected Products

Almalinux
Bootstrap
Centos
Red Hat
Rocky Linux