Cross-site Scripting (XSS) Affecting org.webjars.bower:bootstrap package, versions [4.0.0,4.1.2)
Threat Intelligence
EPSS
0.4% (75th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGWEBJARSBOWER-479489
- published 12 Jun 2018
- disclosed 29 May 2018
- credit 1Jesper1
Introduced: 29 May 2018
CVE-2018-14041 Open this link in a new tabHow to fix?
Upgrade org.webjars.bower:bootstrap
to version 4.1.2 or higher.
Overview
org.webjars.bower:bootstrap is a popular front-end framework for faster and easier web development.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS)
via the tooltip
, collapse
and scrollspy
plugins.
Details
CVSS Scores
version 3.1