CVE-2018-14040
Description
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Risk Information
Base Score: 6.1 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score (Exploitation Probability): 1.633
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2 | Windows |
| Vulnerabilities CVE-2018-14040,CVE-2018-14042,CVE-2018-14041 are fixed in WebJars - bootstrap 4.1.2 | Windows |
| Vulnerabilities CVE-2018-14040,CVE-2018-20677,CVE-2018-20676,CVE-2016-10735,CVE-2018-14042 are fixed in WebJars - bootstrap 3.4.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 19.0.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 22.0.2 | Windows |
| Vulnerabilities CVE-2018-14040,CVE-2018-14042,CVE-2018-14041 are fixed in Ruby-bootstrap 4.1.2 | Windows |
| Vulnerabilities CVE-2018-14040,CVE-2018-14042 are fixed in Ruby-bootstrap 3.4.0 | Windows |
| Vulnerabilities CVE-2018-14040,CVE-2018-14042,CVE-2018-14041 are fixed in Nuget - bootstrap 4.1.2 | Windows |
| Vulnerabilities CVE-2018-14040,CVE-2018-14042 are fixed in Nuget - bootstrap 3.4.0 | Windows |
| Vulnerabilities CVE-2018-14040,CVE-2018-14042 are fixed in Ruby-bootstrap-sass 3.4.0 | Windows |
| Vulnerabilities CVE-2018-14040,CVE-2018-14042,CVE-2018-14041 are fixed in Nuget - bootstrap.sass 4.1.2 | Windows |
| (RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-client-4.6.8-5.el7.x86_64.rpm | Linux |
| (RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-client-common-4.6.8-5.el7.noarch.rpm | Linux |
| (RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-common-4.6.8-5.el7.noarch.rpm | Linux |
| (RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-python-compat-4.6.8-5.el7.noarch.rpm | Linux |
| (RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-server-4.6.8-5.el7.x86_64.rpm | Linux |
| (RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-server-common-4.6.8-5.el7.noarch.rpm | Linux |
| (RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-server-dns-4.6.8-5.el7.noarch.rpm | Linux |
| (RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm | Linux |
| (RHSA-2020:3936) ipa security, bug fix, and enhancement update python2-ipaclient-4.6.8-5.el7.noarch.rpm | Linux |
| (RHSA-2020:3936) ipa security, bug fix, and enhancement update python2-ipalib-4.6.8-5.el7.noarch.rpm | Linux |
| (RHSA-2020:3936) ipa security, bug fix, and enhancement update python2-ipaserver-4.6.8-5.el7.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update apache-commons-net-3.6-3.module+el8.3.0+6805+72837426.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update ldapjdk-javadoc-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-base-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-base-java-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-ca-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-core-debugsource-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-kra-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-server-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-servlet-4.0-api-9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-servlet-engine-9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-symkey-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-tools-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update python3-pki-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update resteasy-3.0.26-3.module+el8.2.0+5723+4574fbff.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update stax-ex-1.7.7-8.module+el8.2.0+5723+4574fbff.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update tomcatjss-7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch.rpm | Linux |
| (RHSA-2020:4847) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update xmlstreambuffer-1.5.4-8.module+el8.2.0+5723+4574fbff.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) slf4j-1.7.25-4.module+el8.5.0+697+f586bb30.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) velocity-1.7-24.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) xalan-j2-2.7.1-38.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) javassist-3.18.1-8.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) xerces-j2-2.11.0-34.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) javassist-javadoc-3.18.1-8.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) apache-commons-net-3.6-3.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) apache-commons-lang-2.6-21.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) xml-commons-resolver-1.2-26.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) apache-commons-collections-3.2.2-10.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2020:4847) jakarta-commons-httpclient-3.1-28.module+el8.3.0+53+ea062990.noarch.rpm | Linux |
| Apache-commons-collections update (ELSA-2020-4847) apache-commons-collections-3.2.2-10.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Apache-commons-lang update (ELSA-2020-4847) apache-commons-lang-2.6-21.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Apache-commons-net update (ELSA-2020-4847) apache-commons-net-3.6-3.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Bea-stax-api update (ELSA-2020-4847) bea-stax-api-1.2.0-16.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Glassfish-fastinfoset update (ELSA-2020-4847) glassfish-fastinfoset-1.2.13-9.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Glassfish-jaxb-api update (ELSA-2020-4847) glassfish-jaxb-api-2.2.12-8.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Glassfish-jaxb-core update (ELSA-2020-4847) glassfish-jaxb-core-2.2.11-11.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Glassfish-jaxb-runtime update (ELSA-2020-4847) glassfish-jaxb-runtime-2.2.11-11.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Glassfish-jaxb-txw2 update (ELSA-2020-4847) glassfish-jaxb-txw2-2.2.11-11.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jackson-annotations update (ELSA-2020-4847) jackson-annotations-2.10.0-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jackson-core update (ELSA-2020-4847) jackson-core-2.10.0-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jackson-databind update (ELSA-2020-4847) jackson-databind-2.10.0-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jackson-jaxrs-json-provider update (ELSA-2020-4847) jackson-jaxrs-json-provider-2.9.9-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jackson-jaxrs-providers update (ELSA-2020-4847) jackson-jaxrs-providers-2.9.9-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jackson-module-jaxb-annotations update (ELSA-2020-4847) jackson-module-jaxb-annotations-2.7.6-4.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jakarta-commons-httpclient update (ELSA-2020-4847) jakarta-commons-httpclient-3.1-28.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Javassist update (ELSA-2020-4847) javassist-3.18.1-8.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Javassist-javadoc update (ELSA-2020-4847) javassist-javadoc-3.18.1-8.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Jss update (ELSA-2020-4847) jss-4.7.3-1.module+el8.3.0+7857+983338ee.x86_64.rpm | Linux |
| Jss-javadoc update (ELSA-2020-4847) jss-javadoc-4.7.3-1.module+el8.3.0+7857+983338ee.x86_64.rpm | Linux |
| Ldapjdk update (ELSA-2020-4847) ldapjdk-4.22.0-1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Ldapjdk-javadoc update (ELSA-2020-4847) ldapjdk-javadoc-4.22.0-1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Pki-base update (ELSA-2020-4847) pki-base-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Pki-base-java update (ELSA-2020-4847) pki-base-java-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Pki-ca update (ELSA-2020-4847) pki-ca-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Pki-kra update (ELSA-2020-4847) pki-kra-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Pki-server update (ELSA-2020-4847) pki-server-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Pki-servlet-4.0-api update (ELSA-2020-4847) pki-servlet-4.0-api-9.0.30-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Pki-servlet-engine update (ELSA-2020-4847) pki-servlet-engine-9.0.30-1.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Pki-symkey update (ELSA-2020-4847) pki-symkey-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.x86_64.rpm | Linux |
| Pki-tools update (ELSA-2020-4847) pki-tools-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.x86_64.rpm | Linux |
| Python-nss-doc update (ELSA-2020-4847) python-nss-doc-1.0.1-10.module+el8.3.0+7697+44932688.x86_64.rpm | Linux |
| Python3-nss update (ELSA-2020-4847) python3-nss-1.0.1-10.module+el8.3.0+7697+44932688.x86_64.rpm | Linux |
| Python3-pki update (ELSA-2020-4847) python3-pki-10.9.4-1.0.1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| RelaxngDatatype update (ELSA-2020-4847) relaxngDatatype-2011.1-7.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Resteasy update (ELSA-2020-4847) resteasy-3.0.26-3.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Slf4j update (ELSA-2020-4847) slf4j-1.7.25-4.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Slf4j-jdk14 update (ELSA-2020-4847) slf4j-jdk14-1.7.25-4.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Stax-ex update (ELSA-2020-4847) stax-ex-1.7.7-8.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Tomcatjss update (ELSA-2020-4847) tomcatjss-7.5.0-1.module+el8.3.0+7857+983338ee.noarch.rpm | Linux |
| Velocity update (ELSA-2020-4847) velocity-1.7-24.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Xalan-j2 update (ELSA-2020-4847) xalan-j2-2.7.1-38.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Xerces-j2 update (ELSA-2020-4847) xerces-j2-2.11.0-34.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Xml-commons-apis update (ELSA-2020-4847) xml-commons-apis-1.4.01-25.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Xml-commons-resolver update (ELSA-2020-4847) xml-commons-resolver-1.2-26.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Xmlstreambuffer update (ELSA-2020-4847) xmlstreambuffer-1.5.4-8.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Xsom update (ELSA-2020-4847) xsom-0-19.20110809svn.module+el8.3.0+7697+44932688.noarch.rpm | Linux |
| Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update python3-qrcode-5.1-12.module_el8.6.0+2737+7e73ea90.noarch.rpm | Linux |
| Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update python3-qrcode-core-5.1-12.module_el8.6.0+2737+7e73ea90.noarch.rpm | Linux |
| Vulnerabilities CVE-2018-14040,CVE-2018-14042,CVE-2018-14041 are fixed in WebJars - bootstrap for Linux 4.1.2 | Linux |
| Vulnerabilities CVE-2018-14040,CVE-2018-20677,CVE-2018-20676,CVE-2016-10735,CVE-2018-14042 are fixed in WebJars - bootstrap for Linux 3.4.0 | Linux |
| Vulnerabilities CVE-2018-14040,CVE-2018-14042,CVE-2018-14041 are fixed in Ruby-bootstrap for Linux 4.1.2 | Linux |
| Vulnerabilities CVE-2018-14040,CVE-2018-14042 are fixed in Ruby-bootstrap for Linux 3.4.0 | Linux |
| Vulnerabilities CVE-2018-14040,CVE-2018-14042,CVE-2018-14041 are fixed in Nuget - bootstrap for Linux 4.1.2 | Linux |
| Vulnerabilities CVE-2018-14040,CVE-2018-14042 are fixed in Nuget - bootstrap for Linux 3.4.0 | Linux |
| Vulnerabilities CVE-2018-14040,CVE-2018-14042 are fixed in Ruby-bootstrap-sass for Linux 3.4.0 | Linux |
| Vulnerabilities CVE-2018-14040,CVE-2018-14042,CVE-2018-14041 are fixed in Nuget - bootstrap.sass for Linux 4.1.2 | Linux |
| Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2018-14040) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234