CVE-2018-14042 @ Maven-org.webjars:bootstrap-3.3.7

**Vulnerable Package** issue exists @ **Maven\-org.webjars:bootstrap\-3.3.7** in branch **main**

In Bootstrap before 3.4.0 and 4.0.0 through 4.1.1, XSS is possible in the data-container property of tooltip.

**Namespace:** CxDemoInABoxRepos
**Repository:** Java-Webgoat
**Repository Url:** https://github.com/CxDemoInABoxRepos/Java-Webgoat
**CxAST\-Project:** CxDemoInABoxRepos/Java-Webgoat
**CxAST platform scan:** [15076145\-61a1\-4d21\-a896\-a138ffd875d6](https://deu.ast.checkmarx.net/projects/26b3e443-162d-4768-a7fd-3d09781bac58/scans?id=15076145-61a1-4d21-a896-a138ffd875d6&branch=main)
**Branch:** main
**Application:** Java-Webgoat
**Severity:** MEDIUM
**State:** TO_VERIFY
**Status:** RECURRENT
**CWE:** CWE-79


----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** LOW
**Availability impact:** NONE
**Remediation Upgrade Recommendation:** 3.4.0


----
**References**
[Advisory](https://security-tracker.debian.org/tracker/CVE-2018-14042)
[Release Note](https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/)
[Issue](https://github.com/twbs/bootstrap/issues/26423)
[Issue](https://github.com/twbs/bootstrap/issues/26628)
[Pull request](https://github.com/twbs/bootstrap/pull/26630)
[Commit](https://github.com/twbs/bootstrap/commit/efca80bb5bb34546a2e7a9488b89f71457d2ad92)
[Commit](https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2018-14042 @ Maven-org.webjars:bootstrap-3.3.7 #741

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2018-14042 @ Maven-org.webjars:bootstrap-3.3.7 #741

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions