Labs64 / NetLicensing-Demo

Labs64 NetLicensing / Demo Application
https://netlicensing.io
MIT License

Known vulnerability found - CVE-2018-14041 #10

Closed r-brown closed 5 years ago

r-brown commented 6 years ago

Known vulnerability found CVE-2018-14041 Moderate severity

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042. package.json update suggested: bootstrap ~> 4.1.2

Jamesking56 commented 5 years ago

Upgrading to Bootstrap 3.4.1 should fix this.
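
A manifest check for the versions discussed in this thread, as an added example that is not code from this repository or its maintainers. The function names and the sample manifest are hypothetical; the minimums (4.1.2 from the issue text, 3.4.1 from the reply) are taken from the comments above.

```javascript
// Added example (not from the NetLicensing-Demo repo): flag a package.json whose
// declared bootstrap range can resolve below the versions named in this thread.
// Assumption: 4.1.2 is the 4.x minimum (issue text), 3.4.1 the 3.x minimum (reply).
const MIN_3X = [3, 4, 1];
const MIN_DEFAULT = [4, 1, 2];

// Lowest version a simple npm range (exact, ^, ~, >=, x-range) can resolve to.
// Returns null for anything else (dist-tags, git URLs, "<" ranges, "*").
function lowestAllowed(range) {
  const m = /^\s*(?:\^|~|>=|=|v)?\s*(\d+)(?:\.(\d+|x|\*))?(?:\.(\d+|x|\*))?/.exec(range);
  if (!m) return null;
  return [m[1], m[2], m[3]].map((p) => (/^\d+$/.test(p || '') ? Number(p) : 0));
}

// True when version triple a sorts strictly before b.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// status: 'absent' | 'ok' | 'vulnerable' | 'review' (range needs a human look)
function checkBootstrap(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  const declared = (pkg.dependencies || {}).bootstrap || (pkg.devDependencies || {}).bootstrap;
  if (typeof declared !== 'string') return { status: 'absent' };
  // Every alternative of an "a || b" range must clear its minimum.
  const floors = declared.split('||').map(lowestAllowed);
  if (floors.includes(null)) return { status: 'review', declared };
  const bad = floors.some((f) => isBelow(f, f[0] === 3 ? MIN_3X : MIN_DEFAULT));
  return { status: bad ? 'vulnerable' : 'ok', declared };
}

// Constructed sample manifest, not the project's real package.json.
const sample = JSON.stringify({ name: 'demo', dependencies: { bootstrap: '~4.1.1' } });
console.log(checkBootstrap(sample));
```

This only inspects the declared range; the lockfile determines which version is actually installed, so it should be checked as well.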