Bootstrap – CVE-2018-14040

Description

Kayran has detected that the version of Bootstrap being used is vulnerable to Cross-site scripting (XSS).

Cross-site scripting (XSS) is possible through the collapse data-parent attribute. Also known as CVE-2018-14040.
This will allow the attacker to add and modify the data.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

To deal with CVE-2018-14040, update the version of the Bootstrap being used.
Make sure its version is 4.1.2 or higher.

Some claim that upgrading to version 3.4.1 would be enough. Depends on your personal choice.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14040

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

What is a CWE ?

Similar to the article written on CVEs, in this article we will answer the questions :What is CWE ? and, what is the difference between

Read More »

What is Kayran

Kayran scanner is helping all businesses, both SMBs and enterprises, to test their online assets and products for over 30,000+ vulnerabilities.Kayran’s mission is to make

Read More »