Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2018-14042

Description

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

POC

Reference

- http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html

- http://seclists.org/fulldisclosure/2019/May/13

- https://seclists.org/bugtraq/2019/May/18

- https://www.oracle.com/security-alerts/cpuApr2021.html

Github

- https://github.com/ARPSyndicate/cvemon

- https://github.com/NeuraLegion/brokencrystals

- https://github.com/Ng0Sang/Brokencrystals-CI-CD-Pipeline

- https://github.com/Sang-DevSecOps1/Brokencrystals-CI-CD-Pipeline

- https://github.com/Snorlyd/https-nj.gov---CVE-2018-14042

- https://github.com/aemon1407/KWSPZapTest

- https://github.com/amakhu/cdp

- https://github.com/gregdo21/brokencrystals

- https://github.com/hdgittest/brokencrystals

- https://github.com/missuvimdool-netizen/scan

- https://github.com/officialsangdavid/Brokencrystals-CI-CD-Pipeline

- https://github.com/ossf-cve-benchmark/CVE-2018-14042

- https://github.com/tssbox/ab-bc-01