csaf_microsoft - msrc_cve-2018-14040

MSRC_CVE-2018-14040

Vulnerability from csaf_microsoft - Published: 2018-07-02 00:00 - Updated: 2025-11-25 01:01

Summary

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attributeIn Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2018-14040 In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attributeIn Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2018/msrc_cve-2018-14040.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attributeIn Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute",
    "tracking": {
      "current_release_date": "2025-11-25T01:01:37.000Z",
      "generator": {
        "date": "2025-12-30T00:05:43.233Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2018-14040",
      "initial_release_date": "2018-07-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-09-03T22:09:33.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2025-11-25T01:01:37.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              },
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0",
                  "product_id": "16820"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 fluent-bit 3.1.9-6",
                "product": {
                  "name": "azl3 fluent-bit 3.1.9-6",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version_range",
                "name": "cbl2 fluent-bit 3.0.6-4",
                "product": {
                  "name": "cbl2 fluent-bit 3.0.6-4",
                  "product_id": "4"
                }
              }
            ],
            "category": "product_name",
            "name": "fluent-bit"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "cbl2 fmt 8.1.1-1",
                "product": {
                  "name": "cbl2 fmt 8.1.1-1",
                  "product_id": "5"
                }
              }
            ],
            "category": "product_name",
            "name": "fmt"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccm1 boost 1.66.0-4",
                "product": {
                  "name": "\u003ccm1 boost 1.66.0-4",
                  "product_id": "11"
                }
              },
              {
                "category": "product_version",
                "name": "cm1 boost 1.66.0-4",
                "product": {
                  "name": "cm1 boost 1.66.0-4",
                  "product_id": "16947"
                }
              }
            ],
            "category": "product_name",
            "name": "boost"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 reaper 3.1.1-1",
                "product": {
                  "name": "\u003ccbl2 reaper 3.1.1-1",
                  "product_id": "10"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 reaper 3.1.1-1",
                "product": {
                  "name": "cbl2 reaper 3.1.1-1",
                  "product_id": "16948"
                }
              }
            ],
            "category": "product_name",
            "name": "reaper"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 ceph 18.2.2-11",
                "product": {
                  "name": "azl3 ceph 18.2.2-11",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version_range",
                "name": "cbl2 ceph 16.2.10-10",
                "product": {
                  "name": "cbl2 ceph 16.2.10-10",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "ceph"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 pytorch 2.2.2-7",
                "product": {
                  "name": "azl3 pytorch 2.2.2-7",
                  "product_id": "8"
                }
              },
              {
                "category": "product_version_range",
                "name": "cbl2 pytorch 2.0.0-9",
                "product": {
                  "name": "cbl2 pytorch 2.0.0-9",
                  "product_id": "6"
                }
              }
            ],
            "category": "product_name",
            "name": "pytorch"
          },
          {
            "category": "product_name",
            "name": "azl3 fontawesome4-fonts 4.7.0-12",
            "product": {
              "name": "azl3 fontawesome4-fonts 4.7.0-12",
              "product_id": "7"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 mozjs 102.15.1-1",
            "product": {
              "name": "azl3 mozjs 102.15.1-1",
              "product_id": "9"
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 fontawesome4-fonts 4.7.0-12 as a component of Azure Linux 3.0",
          "product_id": "17084-7"
        },
        "product_reference": "7",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 fluent-bit 3.1.9-6 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 fluent-bit 3.0.6-4 as a component of CBL Mariner 2.0",
          "product_id": "17086-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 fmt 8.1.1-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-5"
        },
        "product_reference": "5",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccm1 boost 1.66.0-4 as a component of CBL Mariner 1.0",
          "product_id": "16820-11"
        },
        "product_reference": "11",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cm1 boost 1.66.0-4 as a component of CBL Mariner 1.0",
          "product_id": "16947-16820"
        },
        "product_reference": "16947",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 reaper 3.1.1-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-10"
        },
        "product_reference": "10",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 reaper 3.1.1-1 as a component of CBL Mariner 2.0",
          "product_id": "16948-17086"
        },
        "product_reference": "16948",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 mozjs 102.15.1-1 as a component of Azure Linux 3.0",
          "product_id": "17084-9"
        },
        "product_reference": "9",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 ceph 18.2.2-11 as a component of Azure Linux 3.0",
          "product_id": "17084-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 pytorch 2.2.2-7 as a component of Azure Linux 3.0",
          "product_id": "17084-8"
        },
        "product_reference": "8",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 ceph 16.2.10-10 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 pytorch 2.0.0-9 as a component of CBL Mariner 2.0",
          "product_id": "17086-6"
        },
        "product_reference": "6",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-14040",
      "flags": [
        {
          "label": "component_not_present",
          "product_ids": [
            "17084-9"
          ]
        },
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "17084-7"
          ]
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "16947-16820",
          "16948-17086"
        ],
        "known_affected": [
          "17084-2",
          "17086-4",
          "17086-5",
          "16820-11",
          "17086-10",
          "17084-3",
          "17084-8",
          "17086-1",
          "17086-6"
        ],
        "known_not_affected": [
          "17084-7",
          "17084-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2018-14040 In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attributeIn Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2018/msrc_cve-2018-14040.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2025-09-03T22:09:33.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-2"
          ]
        },
        {
          "category": "none_available",
          "date": "2025-09-03T22:09:33.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-4"
          ]
        },
        {
          "category": "none_available",
          "date": "2025-09-03T22:09:33.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-5"
          ]
        },
        {
          "category": "none_available",
          "date": "2025-09-03T22:09:33.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-3"
          ]
        },
        {
          "category": "none_available",
          "date": "2025-09-03T22:09:33.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-8"
          ]
        },
        {
          "category": "none_available",
          "date": "2025-09-03T22:09:33.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-1"
          ]
        },
        {
          "category": "none_available",
          "date": "2025-09-03T22:09:33.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-6"
          ]
        },
        {
          "category": "vendor_fix",
          "date": "2025-09-03T22:09:33.000Z",
          "details": "1.66.0-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "16820-11"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2025-09-03T22:09:33.000Z",
          "details": "3.1.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-10"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalsScore": 0.0,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "temporalScore": 6.1,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "17084-2",
            "17086-4",
            "17086-5",
            "16820-11",
            "17086-10",
            "17084-3",
            "17084-8",
            "17086-1",
            "17086-6"
          ]
        }
      ],
      "title": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attributeIn Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute"
    }
  ]
}

CVE-2018-14040 (GCVE-0-2018-14040)

Vulnerability from cvelistv5 – Published: 2018-07-13 14:00 – Updated: 2024-08-05 09:21

Summary

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://seclists.org/bugtraq/2019/May/18	mailing-listx_refsource_BUGTRAQ
	http://seclists.org/fulldisclosure/2019/May/11	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/May/10	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/May/13	mailing-listx_refsource_FULLDISC
	https://lists.apache.org/thread.html/52e0e6b5df82…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/b0656d359c7d…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/519eb0fd4564…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/f9bc3e55f4e2…	mailing-listx_refsource_MLIST
	http://packetstormsecurity.com/files/152787/dotCM…	x_refsource_MISC
	http://packetstormsecurity.com/files/156743/Octob…	x_refsource_MISC
	https://lists.apache.org/thread.html/r3dc0cac8d85…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rd0e44e8ef71…	mailing-listx_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuApr2021.html	x_refsource_MISC
	https://github.com/twbs/bootstrap/pull/26630	x_refsource_MISC
	https://github.com/twbs/bootstrap/issues/26423	x_refsource_MISC
	https://github.com/twbs/bootstrap/issues/26625	x_refsource_MISC
	https://blog.getbootstrap.com/2018/07/12/bootstra…	x_refsource_MISC
	https://www.tenable.com/security/tns-2021-14	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:21:41.257Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1479-1] twitter-bootstrap3 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html"
          },
          {
            "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/18"
          },
          {
            "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/11"
          },
          {
            "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/10"
          },
          {
            "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/13"
          },
          {
            "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
          },
          {
            "name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/twbs/bootstrap/pull/26630"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/twbs/bootstrap/issues/26423"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/twbs/bootstrap/issues/26625"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-22T17:06:53",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1479-1] twitter-bootstrap3 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html"
        },
        {
          "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/18"
        },
        {
          "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/May/11"
        },
        {
          "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/May/10"
        },
        {
          "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/May/13"
        },
        {
          "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
        },
        {
          "name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/twbs/bootstrap/pull/26630"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/twbs/bootstrap/issues/26423"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/twbs/bootstrap/issues/26625"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-14"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14040",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1479-1] twitter-bootstrap3 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html"
            },
            {
              "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/18"
            },
            {
              "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/May/11"
            },
            {
              "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/May/10"
            },
            {
              "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/May/13"
            },
            {
              "name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
            },
            {
              "name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://github.com/twbs/bootstrap/pull/26630",
              "refsource": "MISC",
              "url": "https://github.com/twbs/bootstrap/pull/26630"
            },
            {
              "name": "https://github.com/twbs/bootstrap/issues/26423",
              "refsource": "MISC",
              "url": "https://github.com/twbs/bootstrap/issues/26423"
            },
            {
              "name": "https://github.com/twbs/bootstrap/issues/26625",
              "refsource": "MISC",
              "url": "https://github.com/twbs/bootstrap/issues/26625"
            },
            {
              "name": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/",
              "refsource": "MISC",
              "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-14",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14040",
    "datePublished": "2018-07-13T14:00:00",
    "dateReserved": "2018-07-13T00:00:00",
    "dateUpdated": "2024-08-05T09:21:41.257Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

MSRC_CVE-2018-14040

CVE-2018-14040 (GCVE-0-2018-14040)

Tags

Sightings

Nomenclature