CVEブラウザに戻る

CVE-2018-20677

MEDIUM

6.1

CVSS Severity Score

EPSS Score0.1660%

EPSS Percentile32.17th

Published2019年1月9日

Last Modified2024年11月21日

Vulnerability Description

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Affected Platforms (CPE)

📦

Getbootstrap

Bootstrap

< 3.4.0

References & Advisories

🔗 https://access.redhat.com/errata/RHBA-2019:1076

🔗 https://access.redhat.com/errata/RHBA-2019:1570

🔗 https://access.redhat.com/errata/RHSA-2019:1456

🔗 https://access.redhat.com/errata/RHSA-2019:3023

🔗 https://access.redhat.com/errata/RHSA-2020:0132

🔗 https://access.redhat.com/errata/RHSA-2020:0133

🔗 https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/

🔗 https://github.com/twbs/bootstrap/issues/27045

関連する脆弱性情報

CVE-2019-108429.8

Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unaut...

CVE-2019-81219.8

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3...

CVE-2019-170969.0

A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` ...

CVE-2026-420898.6

Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved...