Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

CVE-2018-14042 @ Maven-org.webjars:bootstrap-3.3.7 #741

Open
AASMACMX opened this issue Jul 10, 2023 · 0 comments
Open

CVE-2018-14042 @ Maven-org.webjars:bootstrap-3.3.7 #741

AASMACMX opened this issue Jul 10, 2023 · 0 comments
Labels
branch:main Checkmarx CxSCA

Comments

@AASMACMX
Copy link
Contributor

AASMACMX commented Jul 10, 2023
edited
Loading

Vulnerable Package issue exists @ Maven-org.webjars:bootstrap-3.3.7 in branch main

In Bootstrap before 3.4.0 and 4.0.0 through 4.1.1, XSS is possible in the data-container property of tooltip.

Namespace: CxDemoInABoxRepos
Repository: Java-Webgoat
Repository Url: https://github.com/CxDemoInABoxRepos/Java-Webgoat
CxAST-Project: CxDemoInABoxRepos/Java-Webgoat
CxAST platform scan: 15076145-61a1-4d21-a896-a138ffd875d6
Branch: main
Application: Java-Webgoat
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
CWE: CWE-79

Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: NONE
Remediation Upgrade Recommendation: 3.4.0

References
Advisory
Release Note
Issue
Issue
Pull request
Commit
Commit
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
branch:main Checkmarx CxSCA
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@AASMACMX