CVE-2019-8331 @ Npm-bootstrap-3.1.1

**Vulnerable Package** issue exists @ **Npm\-bootstrap\-3.1.1** in branch **main**

In Bootstrap before 3.4.1 and 4.x.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

**Namespace:** CxDemoInABoxRepos
**Repository:** Java-Webgoat
**Repository Url:** https://github.com/CxDemoInABoxRepos/Java-Webgoat
**CxAST\-Project:** CxDemoInABoxRepos/Java-Webgoat
**CxAST platform scan:** [54f047f8\-7049\-4205\-83b9\-9e21c75dc4c9](https://deu.ast.checkmarx.net/projects/26b3e443-162d-4768-a7fd-3d09781bac58/scans?id=54f047f8-7049-4205-83b9-9e21c75dc4c9&branch=main)
**Branch:** main
**Application:** Java-Webgoat
**Severity:** MEDIUM
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-79


----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** LOW
**Availability impact:** NONE
**Remediation Upgrade Recommendation:** 3.4.1


----
**References**
[Advisory](https://github.com/advisories/GHSA-9v3m-8fp8-mj99)
[Advisory](https://www.npmjs.com/advisories/891)
[Advisory](https://github.com/advisories/GHSA-wh77-3x4m-4q9g)
[Release Note](https://github.com/twbs/bootstrap/releases/tag/v4.3.1)
[Release Note](https://github.com/twbs/bootstrap/releases/tag/v3.4.1)
[Pull request](https://github.com/twbs/bootstrap/pull/28236)
[Commit](https://github.com/twbs/bootstrap/commit/0cd53fc4e1a0529c8cd148d0f31cc207d499e30e)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2019-8331 @ Npm-bootstrap-3.1.1 #228

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2019-8331 @ Npm-bootstrap-3.1.1 #228

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions