GHSA-pj7m-g53m-7638

Source
https://github.com/advisories/GHSA-pj7m-g53m-7638
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-pj7m-g53m-7638/GHSA-pj7m-g53m-7638.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-pj7m-g53m-7638
Aliases
Published
2018-09-13T15:49:56Z
Modified
2024-08-01T21:21:57.518210Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Bootstrap Cross-site Scripting vulnerability
Details

In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.

Database specific
{
    "nvd_published_at": "2018-07-13T14:29:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:49:18Z"
}
References

Affected packages

npm / bootstrap

Package

Affected ranges

Type
SEMVER
Events
Introduced
4.0.0
Fixed
4.1.2

Packagist / typo3/cms-core

Package

Name
typo3/cms-core
Purl
pkg:composer/typo3/cms-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0
Fixed
8.7.23

Affected versions

v8.*

v8.7.7
v8.7.8
v8.7.9
v8.7.10
v8.7.11
v8.7.12
v8.7.13
v8.7.14
v8.7.15
v8.7.16
v8.7.17
v8.7.18
v8.7.19
v8.7.20
v8.7.21
v8.7.22

Packagist / typo3/cms-core

Package

Name
typo3/cms-core
Purl
pkg:composer/typo3/cms-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.0
Fixed
9.5.4

Affected versions

v9.*

v9.0.0
v9.1.0
v9.2.0
v9.2.1
v9.3.0
v9.3.1
v9.3.2
v9.3.3
v9.4.0
v9.5.0
v9.5.1
v9.5.2
v9.5.3

Packagist / typo3/cms

Package

Name
typo3/cms
Purl
pkg:composer/typo3/cms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0
Fixed
8.7.23

Affected versions

8.*

8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.2.0
8.2.1
8.3.0
8.3.1
8.4.0
8.4.1
8.5.0
8.5.1
8.6.0
8.6.1
8.7.0
8.7.1
8.7.2

v8.*

v8.7.3
v8.7.4
v8.7.5
v8.7.6
v8.7.7
v8.7.8
v8.7.9
v8.7.10
v8.7.11
v8.7.12
v8.7.13
v8.7.14
v8.7.15
v8.7.16
v8.7.17
v8.7.18
v8.7.19
v8.7.20
v8.7.21
v8.7.22

Packagist / typo3/cms

Package

Name
typo3/cms
Purl
pkg:composer/typo3/cms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.0
Fixed
9.5.4

Affected versions

v9.*

v9.0.0
v9.1.0
v9.2.0
v9.2.1
v9.3.0
v9.3.1
v9.3.2
v9.3.3
v9.4.0
v9.5.0
v9.5.1
v9.5.2
v9.5.3

RubyGems / bootstrap

Package

Name
bootstrap
Purl
pkg:gem/bootstrap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.1.2

Affected versions

4.*

4.0.0
4.1.0
4.1.1

Packagist / twbs/bootstrap

Package

Name
twbs/bootstrap
Purl
pkg:composer/twbs/bootstrap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.1.2

Affected versions

v4.*

v4.0.0
v4.1.0
v4.1.1

NuGet / bootstrap

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.1.2

Affected versions

4.*

4.0.0
4.1.0
4.1.1-contentFiles
4.1.1

NuGet / bootstrap.sass

Package

Name
bootstrap.sass
Purl
pkg:nuget/bootstrap.sass

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.1.2

Affected versions

4.*

4.0.0
4.1.0
4.1.1-contentFiles
4.1.1

Maven / org.webjars:bootstrap

Package

Name
org.webjars:bootstrap
Purl
pkg:maven/org.webjars/bootstrap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.1.2

Affected versions

4.*

4.0.0
4.0.0-1
4.0.0-2
4.1.0
4.1.1