{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-22T17:06:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1479-1] twitter-bootstrap3 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html"}, {"name": "20190509 dotCMS v5.1.1 Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/May/18"}, {"name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/May/11"}, {"name": "20190510 dotCMS v5.1.1 Vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/May/10"}, {"name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/May/13"}, {"name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"}, {"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"}, {"name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E"}, {"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/twbs/bootstrap/pull/26630"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/twbs/bootstrap/issues/26423"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/twbs/bootstrap/issues/26625"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2021-14"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14040", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1479-1] twitter-bootstrap3 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html"}, {"name": "20190509 dotCMS v5.1.1 Vulnerabilities", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/May/18"}, {"name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/11"}, {"name": "20190510 dotCMS v5.1.1 Vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/10"}, {"name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/May/13"}, {"name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E"}, {"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"}, {"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"}, {"name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"}, {"name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E"}, {"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"}, {"name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"name": "https://github.com/twbs/bootstrap/pull/26630", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/pull/26630"}, {"name": "https://github.com/twbs/bootstrap/issues/26423", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26423"}, {"name": "https://github.com/twbs/bootstrap/issues/26625", "refsource": "MISC", "url": "https://github.com/twbs/bootstrap/issues/26625"}, {"name": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", "refsource": "MISC", "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"}, {"name": "https://www.tenable.com/security/tns-2021-14", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-14"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:21:41.257Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1479-1] twitter-bootstrap3 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html"}, {"name": "20190509 dotCMS v5.1.1 Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/May/18"}, {"name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/May/11"}, {"name": "20190510 dotCMS v5.1.1 Vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/May/10"}, {"name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/May/13"}, {"name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"}, {"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"}, {"name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E"}, {"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/twbs/bootstrap/pull/26630"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/twbs/bootstrap/issues/26423"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/twbs/bootstrap/issues/26625"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2021-14"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14040", "datePublished": "2018-07-13T14:00:00", "dateReserved": "2018-07-13T00:00:00", "dateUpdated": "2024-08-05T09:21:41.257Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E9597E-65BB-4E8A-B0E8-467D2903511B", "versionEndExcluding": "3.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "matchCriteriaId": "E610C4F8-4A0A-4D0C-8B4F-0E396A00D5BF", "versionEndExcluding": "4.1.2", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "81E24E22-826E-478E-916F-B84B6E4A22AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "09E30D8D-85B8-42BF-91B7-005A74D78770", "vulnerable": true}, {"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "14505CBF-3CA7-4F05-8492-AED273CDEC74", "vulnerable": true}, {"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "4D640EBF-FA2A-4D64-A520-40E13306E3D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "D974C26E-F9FC-472B-85BC-931BFFB74528", "vulnerable": true}, {"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "05994C85-5F6D-4C09-A700-49CF893292BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*", "matchCriteriaId": "C5E15817-0A5D-4C30-9A3C-F85F275E78DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "F12E3236-799A-46CB-BE07-E5A075D04BD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "E0A4754B-68D4-41C4-887F-E012538130F7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute."}, {"lang": "es", "value": "En Bootstrap en versiones anteriores a la 4.1.2, es posible Cross-Site Scripting (XSS) en el atributo collapse data-parent."}], "id": "CVE-2018-14040", "lastModified": "2023-11-07T02:52:53.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-13T14:29:00.213", "references": [{"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2019/May/10"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2019/May/11"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2019/May/13"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/twbs/bootstrap/issues/26423"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/twbs/bootstrap/issues/26625"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/twbs/bootstrap/pull/26630"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html"}, {"source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/May/18"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "cve@mitre.org", "url": "https://www.tenable.com/security/tns-2021-14"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:3936", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "ipa-0:4.6.8-5.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4670", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "idm:client-8030020200923172426.05ac3f11", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4670", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "idm:DL1-8030020200923172343.9c827e52", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4847", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "pki-core:10.6-8030020200911215836.5ff1562f", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2020:4847", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "pki-deps:10.6-8030020200527165326.30b713e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2023:0556", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "impact": "low", "package": "bootstrap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1.0", "release_date": "2023-01-31T00:00:00Z"}, {"advisory": "RHSA-2023:0553", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "impact": "low", "package": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date": "2023-01-31T00:00:00Z"}, {"advisory": "RHSA-2023:0554", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "impact": "low", "package": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date": "2023-01-31T00:00:00Z"}, {"advisory": "RHSA-2023:0552", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "impact": "low", "package": "eap7-hal-console-0:3.3.16-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date": "2023-01-31T00:00:00Z"}, {"advisory": "RHSA-2023:1049", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "package": "keycloak-theme", "product_name": "Red Hat Single Sign-On 7", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1043", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "package": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1044", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "package": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1045", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "package": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1047", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso76-openshift-rhel8:7.6-20", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2023-03-01T00:00:00Z"}], "bugzilla": {"description": "bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute", "id": "1601614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601614"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute."], "name": "CVE-2018-14040", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "bootstrap-sass", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "bootstrap", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Will not fix", "package_name": "bootstrap", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "pki-core", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "python-XStatic-Bootstrap-SCSS", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:12", "fix_state": "Affected", "impact": "low", "package_name": "python-XStatic-Bootstrap-SCSS", "product_name": "Red Hat OpenStack Platform 12 (Pike)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Will not fix", "package_name": "python-XStatic-Bootstrap-SCSS", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:14", "fix_state": "Affected", "impact": "low", "package_name": "python-XStatic-Bootstrap-SCSS", "product_name": "Red Hat OpenStack Platform 14 (Rocky)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Will not fix", "package_name": "python-XStatic-Bootstrap-SCSS", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Will not fix", "package_name": "python-XStatic-Bootstrap-SCSS", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Will not fix", "package_name": "bootstrap", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Will not fix", "package_name": "bootstrap", "product_name": "Red Hat Satellite 5"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "ruby193-rubygem-bootstrap-sass", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Will not fix", "package_name": "ovirt-js-dependencies", "product_name": "Red Hat Virtualization 4"}], "public_date": "2018-05-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-14040\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14040"], "statement": "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.", "threat_severity": "Moderate", "upstream_fix": "bootstrap 4.1.2, bootstrap 3.4.1"}