Details:
CVE-2018-14041: The data-target property of scrollspy in Bootstrap versions from 4.0.0-alpha up to, but not including, 4.1.2 is vulnerable to Cross-Site Scripting (XSS) attacks. Please refer to the vendor documentation (https://github.com/twbs/bootstrap/issues/20184) for the latest security updates.
CVE-2018-14040: Bootstrap versions from 4.0.0-alpha up to, but not including, 4.1.2 are vulnerable to Cross-Site Scripting (XSS) in the collapse data-parent attribute. Please refer to the vendor documentation (https://github.com/twbs/bootstrap/issues/20184) for the latest security updates.
CVE-2018-14042: Bootstrap versions from 4.0.0-alpha up to, but not including, 4.1.2 are vulnerable to Cross-Site Scripting (XSS) in the data-container property of tooltip. Please refer to the vendor documentation (https://github.com/twbs/bootstrap/issues/20184) for the latest security updates.
Info
Application: app3
Component: Appsec Phoenix Website
Sub component / Asset: https://appsecphoenix.com/
Details
Vulnerable JavaScript library: Bootstrap
Version: 4.0.0
Found on the following pages (only first 10 pages are reported):
https://appsecphoenix.com/
https://appsecphoenix.com/platform/
https://appsecphoenix.com/pricing-benefits/
https://appsecphoenix.com/integration/
https://appsecphoenix.com/resources/
https://appsecphoenix.com/blog/
https://appsecphoenix.com/company/
https://appsecphoenix.com/contact/
https://appsecphoenix.com/log4j-log4shell-overview/
https://appsecphoenix.com/request-a-demo/
Created by AppSec Phoenix