GEM
SEVERITY
CVSS v3.x: 6.1 (Medium)
PATCHED VERSIONS
- >= 4.1.2
DESCRIPTION
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
RELATED
- https://nvd.nist.gov/vuln/detail/CVE-2018-14040
- https://github.com/twbs/bootstrap/issues/26625
- https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
- https://github.com/twbs/bootstrap/issues/26423
- https://github.com/twbs/bootstrap/issues/26628
- https://github.com/twbs/bootstrap/pull/26630
- https://github.com/twbs/bootstrap/commit/149096016f70fd815540d62c0989fd99cdc809e0
- https://github.com/twbs/bootstrap/blob/v3.4.1/js/collapse.js#L140
- https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html
- https://seclists.org/bugtraq/2019/May/18
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.tenable.com/security/tns-2021-14
- https://github.com/advisories/GHSA-3wqf-4x89-9g79