Bootstrap – CVE-2018-14040


Kayran has detected that the version of Bootstrap being used is vulnerable to Cross-site scripting (XSS).

Cross-site scripting (XSS) is possible through the collapse data-parent attribute. Also known as CVE-2018-14040.
This will allow the attacker to add and modify the data.


CVSS Version 3.x – 6.1 Medium


To deal with CVE-2018-14040, update the version of the Bootstrap being used.
Make sure its version is 4.1.2 or higher.

Some claim that upgrading to version 3.4.1 would be enough. Depends on your personal choice.


< Return to all Vulnerabilities

What is Kayran

Kayran scanner is helping all businesses, both SMBs and enterprises, to test their online assets and products for over 30,000+ vulnerabilities.Kayran’s mission is to make

Read More »

The Dark Web

Let’s talk about the darker and more mysterious side of the internet, also known as The Dark Web. You’ve probably heard about it, whether it’s

Read More »


You must have once wondered what HTTP means and what is the difference between that ugly word to HTTPS, and if not, then please read

Read More »