Bootstrap – CVE-2018-14040

Home » Blog » Bootstrap – CVE-2018-14040

Description

Kayran has detected that the version of Bootstrap being used is vulnerable to Cross-site scripting (XSS).

Cross-site scripting (XSS) is possible through the collapse data-parent attribute. Also known as CVE-2018-14040.
This will allow the attacker to add and modify the data.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

To deal with CVE-2018-14040, update the version of the Bootstrap being used.
Make sure its version is 4.1.2 or higher.

Some claim that upgrading to version 3.4.1 would be enough. Depends on your personal choice.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14040

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

Networking? – Social Engineering

In our time, we know that socializing has a very high importance and that every person (almost) has a basic need to maintain certain “connection”

Your SQL got the I(njection)

We’ve talked about it before right? or am i the only one having a Deja-Vu? Or an SQL Injection? No on likes doctors, or needles,

Spywares – 007’ing Your Devices

We’ve talked about Malwares before. Let’s talk about one of the most dangerous types of malwares: Spywares. One of my favorite movie series is James

Terms and Topics in Cybersecurity that you should know

The Cybersecurity field is one of the fields that has been growing rapidly and steadily in recent years, as the demand for it grew more

What is a CWE ?

Similar to the article written on CVEs, in this article we will answer the questions :What is CWE ? and, what is the difference between

What is Kayran

Kayran scanner is helping all businesses, both SMBs and enterprises, to test their online assets and products for over 30,000+ vulnerabilities.Kayran’s mission is to make

WEB APPLICATION VULNERABILITY SCANNER