search

Security-Phoenix-demo / Damn-Vulnerable-Source-Code

The aim of the project is to develop intentionally vulnerable source code in various languages.
0 stars 1 forks source link

ASPHX-WEB-MEDIUM-Use of JavaScript Library with Known Vulnerability #33

Open IKarasynskyi-SPD opened 2 years ago

IKarasynskyi-SPD commented 2 years ago

Info

Application: app3 Component: Appsec Phoenix Website Sub component / Asset: https://appsecphoenix.com/

Details

Vulnerable javascript library: Bootstrap version: 4.0.0

Details: CVE-2018-14041: The data-target property of scrollspy in bootstrap versions on or above 4.0.0-alpha and before 4.1.2 are vulnerable to Cross-Site Scripting(XSS) attacks. Please refer to vendor documentation (https://github.com/twbs/bootstrap/issues/20184) for the latest security updates.

CVE-2018-14040: Bootstrap versions on or above 4.0.0-alpha and before 4.1.2 are vulnerable to Cross-Site Scripting(XSS) in collapse data-parent attribute. Please refer to vendor documentation (https://github.com/twbs/bootstrap/issues/20184) for latest security updates.

CVE-2018-14042: Bootstrap versions on or above 4.0.0-alpha and before 4.1.2 are vulnerable to Cross-Site Scripting(XSS) in data-container property of tooltip. Please refer to vendor documentation (https://github.com/twbs/bootstrap/issues/20184) for latest security updates.

Found on the following pages (only first 10 pages are reported): https://appsecphoenix.com/ https://appsecphoenix.com/platform/ https://appsecphoenix.com/pricing-benefits/ https://appsecphoenix.com/integration/ https://appsecphoenix.com/resources/ https://appsecphoenix.com/blog/ https://appsecphoenix.com/company/ https://appsecphoenix.com/contact/ https://appsecphoenix.com/log4j-log4shell-overview/ https://appsecphoenix.com/request-a-demo/

Risk Context

This vulnerability's risk is Medium because the base severity is High with a CVSS value of 7, the probability of exploitationin the wild is High and it isn't visible externally. This vulnerability is selected to fix because the application is outside risk tolerance.

Link to vulnerability

Created by AppSec Phoenix

IKarasynskyi-SPD commented 2 years ago

ff ll + 2022-06-16 07:02:50

IKarasynskyi-SPD commented 2 years ago

ff ll + 2022-06-16 07:04:24

IKarasynskyi-SPD commented 2 years ago

ff ll + 2022-06-16 07:04:42

IKarasynskyi-SPD commented 2 years ago

ff ll + 2022-06-16 07:51:33

IKarasynskyi-SPD commented 2 years ago

ff ll + 2022-06-16 07:55:56

IKarasynskyi-SPD commented 2 years ago

ff ll + 2022-06-17 09:51:54

IKarasynskyi-SPD commented 2 years ago

ff ll + 2022-06-22 10:20:08