CVE-2018-20676

MEDIUM

Bootstrap < 3.4.0 - Cross-Site Scripting via Tooltip data-viewport Attribute

Title source: llm
STIX 2.1

Description

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

References (13)

Core 13
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1456
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHBA-2019:1570
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3023
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0132
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0133
Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/tns-2021-14
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/twbs/bootstrap/issues/27044
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
Release Notes, Third Party Advisory x_refsource_misc
https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
Patch, Third Party Advisory x_refsource_misc
https://github.com/twbs/bootstrap/pull/27047
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHBA-2019:1076

Scores

CVSS v3 6.1
EPSS 0.0554
EPSS Percentile 90.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (8)
getbootstrap/bootstrap < 3.4.0
npm/bootstrap 0 - 3.4.0npm
npm/bootstrap-sass 0 - 3.4.0npm
nuget/bootstrap 0 - 3.4.0NuGet
org.webjars/bootstrap 0 - 3.4.0Maven
rubygems/bootstrap 0 - 3.4.0RubyGems
rubygems/bootstrap-sass 0 - 3.4.0RubyGems
twbs/bootstrap 0 - 3.4.0Packagist
Published Jan 09, 2019
Tracked Since Feb 18, 2026