Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

XSS possible in collapse data-parent attribute #26625

Closed
1Jesper1 opened this issue May 29, 2018 · 4 comments
Closed

XSS possible in collapse data-parent attribute #26625

1Jesper1 opened this issue May 29, 2018 · 4 comments
Labels
confirmed js v4

Comments

@1Jesper1
Copy link

XSS possible in collapse data-parent attribute
data-parent="<img src=1 onerror=alert(123) />"
Bootstrap 4.1.1 in combination with JQuery 3.3.1
@Johann-S
Copy link
Member

Bug reports must include a live demo of the problem. Per our contributing guidelines, please create a reduced test case via CodePen or JS Bin and report back with your link, Bootstrap version, and specific browser and OS details.

@1Jesper1
Copy link
Author

1Jesper1 commented May 30, 2018
edited
Loading

https://jsbin.com/xeminoniku/edit?html,output

Browser: Chrome Version 66.0.3359.181 64x
OS: Windows 10 64x

@Johann-S Johann-S mentioned this issue May 30, 2018
Merged
@don-spyker don-spyker mentioned this issue Aug 10, 2018
Merged
don-spyker added a commit to don-spyker/bootstrap that referenced this issue Aug 10, 2018
@don-spyker
fix(collapse): xss CVE-2018-14040
2b4597a 
Fixes twbs#26625
Johann-S pushed a commit that referenced this issue Aug 13, 2018
@don-spyker @Johann-S
Fix/xss issues on data attributes (#27047)
2a5ba23 
* fix(collapse): xss CVE-2018-14040

Fixes #26625

* fix(tooltip): xss CVE-2018-14042

Fixes #26628

* fix(tooltip): XSS on data-viewport attribute

Fixes #27044

* fix(affix): XSS on target config

Fixes #27045
@anarcat
Copy link

anarcat commented Aug 27, 2018

during some tests in the Debian LTS security team, it was determined that Bootstrap 2.0.2 is not affected by this issue.

@matthew-white matthew-white mentioned this issue Sep 7, 2018
Closed
@lucianot54 lucianot54 mentioned this issue Apr 5, 2019
Open
This was referenced Feb 26, 2023
Open
Open
@princechaddha princechaddha mentioned this issue Jun 26, 2023
Open
93 tasks
This was referenced Apr 26, 2023
Open
Open
This was referenced Jul 10, 2023
Open
Open
@jenhae jenhae mentioned this issue Jan 13, 2024
Merged
@jenhae
Copy link

jenhae commented Jan 18, 2024

Hi @anarcat,

I don't know how the Debian LTS Team tested this issue, but I have an JSBin https://jsbin.com/xixaqeyofi/edit?html,output using bootstrap 2.3.0 which is affected by this CVE. I could track down the issue to line 34 of bootstrap-collapse using my example, see https://github.com/twbs/bootstrap/blob/v2.3.0/js/bootstrap-collapse.js#L34. This code behaves the same as https://github.com/twbs/bootstrap/blob/v2.0.0/js/bootstrap-collapse.js#L29.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
confirmed js v4
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@anarcat @Johann-S @1Jesper1 @jenhae