Info
Application: app3
Component: Appsec Phoenix Website
Sub component / Asset: https://appsecphoenix.com/
Details
Vulnerable JavaScript library: Bootstrap, version 4.0.0
CVE-2018-14041: The data-target attribute of the scrollspy plugin in Bootstrap versions from 4.0.0-alpha up to but not including 4.1.2 is vulnerable to Cross-Site Scripting (XSS). Please refer to the vendor documentation (https://github.com/twbs/bootstrap/issues/20184) for the latest security updates.
CVE-2018-14040: Bootstrap versions from 4.0.0-alpha up to but not including 4.1.2 are vulnerable to Cross-Site Scripting (XSS) through the data-parent attribute of the collapse plugin. Please refer to the vendor documentation (https://github.com/twbs/bootstrap/issues/20184) for the latest security updates.
CVE-2018-14042: Bootstrap versions from 4.0.0-alpha up to but not including 4.1.2 are vulnerable to Cross-Site Scripting (XSS) through the data-container attribute of the tooltip plugin. Please refer to the vendor documentation (https://github.com/twbs/bootstrap/issues/20184) for the latest security updates.
Found on the following pages (only the first 10 pages are reported):
https://appsecphoenix.com/
https://appsecphoenix.com/platform/
https://appsecphoenix.com/pricing-benefits/
https://appsecphoenix.com/integration/
https://appsecphoenix.com/resources/
https://appsecphoenix.com/blog/
https://appsecphoenix.com/company/
https://appsecphoenix.com/contact/
https://appsecphoenix.com/log4j-log4shell-overview/
https://appsecphoenix.com/request-a-demo/
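Two checks a practitioner would want before closing this finding: confirm that the Bootstrap actually served on each page falls inside the affected range (4.0.0-alpha inclusive to 4.1.2 exclusive, with prerelease tags ordered correctly), and understand why the three attributes are dangerous at all. The helpers below are an added example written for this report; they are not AppSec Phoenix's scanner code and not Bootstrap's own code. The version is read from the banner comment that ships at the top of bootstrap.js; the "quick expression" regex is the one jQuery uses to decide whether a string passed to $(...) is an HTML snippet rather than a selector, which is what let attacker-controlled data-target, data-parent and data-container values create markup in the affected versions. The page snippets and attribute values are constructed stand-ins, not captured from the site.

```javascript
// Added example for triaging CVE-2018-14040/14041/14042; not code from AppSec Phoenix or Bootstrap.

// Pull the version out of Bootstrap's banner comment, e.g.
// "/*! Bootstrap v4.0.0 (https://getbootstrap.com) */". Returns null when absent.
function parseBootstrapVersion(source) {
  const m = /Bootstrap v(\d+\.\d+\.\d+(?:-[0-9A-Za-z.]+)?)/.exec(source);
  return m ? m[1] : null;
}

// Prerelease-aware comparison so that 4.0.0-alpha < 4.0.0-beta.2 < 4.0.0 < 4.1.2.
// Prerelease identifiers are compared lexically, which is enough to place the
// alpha/beta builds below the 4.0.0 release (it would misorder beta.10 vs beta.2).
function compareVersions(a, b) {
  const [aCore, aPre] = a.split('-');
  const [bCore, bPre] = b.split('-');
  const ac = aCore.split('.').map(Number);
  const bc = bCore.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (ac[i] !== bc[i]) return ac[i] - bc[i];
  }
  if (aPre === undefined && bPre === undefined) return 0;
  if (aPre === undefined) return 1;  // a release outranks any prerelease of the same core
  if (bPre === undefined) return -1;
  return aPre < bPre ? -1 : aPre > bPre ? 1 : 0;
}

// Affected range stated by all three CVEs: >= 4.0.0-alpha and < 4.1.2.
const AFFECTED = { from: '4.0.0-alpha', below: '4.1.2' };

function isAffected(version) {
  return compareVersions(version, AFFECTED.from) >= 0 &&
         compareVersions(version, AFFECTED.below) < 0;
}

// jQuery's quick expression: after optional whitespace, a string that starts with
// "<" and ends with ">" is parsed as HTML by $(...) instead of being used as a
// selector. Bootstrap before 4.1.2 passed the data-target / data-parent /
// data-container attribute values straight into $(...), so a value an attacker
// controls becomes created DOM nodes (and any inline handlers they carry).
const JQUERY_QUICK_EXPR = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/;

function jqueryTreatsAsHtml(attrValue) {
  const m = JQUERY_QUICK_EXPR.exec(attrValue);
  return !!(m && m[1]);
}

// Constructed snippets standing in for the first bytes of the bootstrap.js each
// page serves (real triage would fetch the script URL found in each page's HTML).
const SAMPLE_PAGES = {
  'https://appsecphoenix.com/': '/*! Bootstrap v4.0.0 (https://getbootstrap.com) */',
  'https://appsecphoenix.com/blog/': '/*!\n * Bootstrap v4.1.3 (https://getbootstrap.com/)\n */',
  'https://appsecphoenix.com/contact/': '/* no bootstrap banner here */',
};

// Per-page verdict: which version is served and whether it is in the affected range.
function triage(pages) {
  return Object.entries(pages).map(([url, js]) => {
    const version = parseBootstrapVersion(js);
    return { url, version, affected: version !== null && isAffected(version) };
  });
}

// Constructed attribute values: a normal selector and an HTML payload of the shape
// the CVEs describe.
const SAMPLE_ATTRS = ['#navbar', '<img src=x onerror=alert(document.domain)>'];

console.table(triage(SAMPLE_PAGES));
for (const v of SAMPLE_ATTRS) {
  console.log(JSON.stringify(v), '=> jQuery treats as HTML:', jqueryTreatsAsHtml(v));
}
```

Run with node; the table shows the 4.0.0 page flagged and the 4.1.3 page clean, and the second attribute value is the one $(...) would turn into an element. A clean verdict from the version check only holds if the page loads a single Bootstrap bundle, so the fetch step in a real run should list every script tag, not just the first match.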
Risk Context
This vulnerability's risk is rated Medium: the base severity is High (CVSS 7.0) and the probability of exploitation in the wild is High, but the asset is not externally visible. It is selected for fixing because the application is outside risk tolerance.
Link to vulnerability
Created by AppSec Phoenix