CVE Vulnerability

CVE-2018-20677

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/twbs/bootstrap/pull/27047 Patch Third Party Advisory
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628 Issue Tracking Third Party Advisory
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906 Issue Tracking Third Party Advisory
https://github.com/twbs/bootstrap/issues/27045 Issue Tracking Exploit
https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ Release Notes Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:1456
https://access.redhat.com/errata/RHBA-2019:1076
https://access.redhat.com/errata/RHBA-2019:1570
https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
https://access.redhat.com/errata/RHSA-2019:3023
https://access.redhat.com/errata/RHSA-2020:0132
https://access.redhat.com/errata/RHSA-2020:0133
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
https://www.tenable.com/security/tns-2021-14
Configurations

Configuration 1

cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*
Information

Published : 2019-01-09 05:29

Updated : 2021-07-22 06:15

NVD link : CVE-2018-20677

Mitre link : CVE-2018-20677

Products Affected
No products.
CWE
CWE-79