Medium severity6.1NVD Advisory· Published Jul 13, 2018· Updated Jun 17, 2026
CVE-2018-14042
CVE-2018-14042
Description
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
bootstrapRubyGems | >= 4.0.0, < 4.1.2 | 4.1.2 |
bootstrapRubyGems | >= 2.3.0, < 3.4.0 | 3.4.0 |
bootstrapnpm | >= 4.0.0, < 4.1.2 | 4.1.2 |
bootstrapnpm | >= 2.3.0, < 3.4.0 | 3.4.0 |
org.webjars:bootstrapMaven | >= 4.0.0, < 4.1.2 | 4.1.2 |
org.webjars:bootstrapMaven | >= 2.3.0, < 3.4.0 | 3.4.0 |
twbs/bootstrapPackagist | >= 4.0.0, < 4.1.2 | 4.1.2 |
twbs/bootstrapPackagist | >= 2.3.0, < 3.4.0 | 3.4.0 |
bootstrapNuGet | >= 4.0.0, < 4.1.2 | 4.1.2 |
bootstrapNuGet | >= 2.3.0, < 3.4.0 | 3.4.0 |
bootstrap-sassRubyGems | >= 2.3.0, < 3.4.0 | 3.4.0 |
bootstrap-sassnpm | >= 2.0.4, < 3.4.0 | 3.4.0 |
bootstrap.sassNuGet | >= 4.0.0, < 4.1.2 | 4.1.2 |
Affected products
49- osv-coords49 versionspkg:apk/chainguard/grafana-10.4pkg:apk/chainguard/grafana-10.4-oci-compatpkg:apk/chainguard/grafana-11.2pkg:apk/chainguard/grafana-11.2-oci-compatpkg:apk/chainguard/grafana-11.3pkg:apk/chainguard/grafana-11.3-oci-compatpkg:apk/chainguard/grafana-11.4pkg:apk/chainguard/grafana-11.4-oci-compatpkg:apk/chainguard/grafana-11.5pkg:apk/chainguard/grafana-11.5-oci-compatpkg:apk/chainguard/grafana-11.6pkg:apk/chainguard/grafana-11.6-oci-compatpkg:apk/chainguard/grafana-fips-11.2pkg:apk/chainguard/grafana-fips-11.2-oci-compatpkg:apk/chainguard/grafana-fips-11.3pkg:apk/chainguard/grafana-fips-11.3-oci-compatpkg:apk/chainguard/grafana-fips-11.4pkg:apk/chainguard/grafana-fips-11.4-oci-compatpkg:apk/chainguard/grafana-fips-11.5pkg:apk/chainguard/grafana-fips-11.5-oci-compatpkg:apk/chainguard/grafana-fips-11.6pkg:apk/chainguard/grafana-fips-11.6-oci-compatpkg:apk/wolfi/grafana-10.4pkg:apk/wolfi/grafana-11.2pkg:apk/wolfi/grafana-11.2-oci-compatpkg:apk/wolfi/grafana-11.3pkg:apk/wolfi/grafana-11.3-oci-compatpkg:apk/wolfi/grafana-11.4pkg:apk/wolfi/grafana-11.4-oci-compatpkg:apk/wolfi/grafana-11.5pkg:apk/wolfi/grafana-11.5-oci-compatpkg:apk/wolfi/grafana-11.6pkg:apk/wolfi/grafana-11.6-oci-compatpkg:composer/twbs/bootstrappkg:gem/bootstrappkg:gem/bootstrap-sasspkg:maven/org.webjars/bootstrappkg:npm/bootstrappkg:npm/bootstrap-sasspkg:nuget/bootstrappkg:nuget/bootstrap.sasspkg:rpm/almalinux/custodiapkg:rpm/almalinux/python3-custodiapkg:rpm/almalinux/python3-jwcryptopkg:rpm/almalinux/python3-kdcproxypkg:rpm/almalinux/python3-pyusbpkg:rpm/almalinux/python3-qrcodepkg:rpm/almalinux/python3-qrcode-corepkg:rpm/almalinux/python3-yubico
< 10.4.19.01-r4+ 48 more
- (no CPE)range: < 10.4.19.01-r4
- (no CPE)range: < 10.4.19.01-r4
- (no CPE)range: < 11.2.10.01-r7
- (no CPE)range: < 11.2.10.01-r7
- (no CPE)range: < 11.3.9-r5
- (no CPE)range: < 11.3.9-r5
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 11.2.10.01-r6
- (no CPE)range: < 11.2.10.01-r6
- (no CPE)range: < 11.3.9-r4
- (no CPE)range: < 11.3.9-r4
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 10.4.19.01-r4
- (no CPE)range: < 11.2.10.01-r7
- (no CPE)range: < 11.2.10.01-r7
- (no CPE)range: < 11.3.9-r5
- (no CPE)range: < 11.3.9-r5
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.4.8-r2
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.5.10-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: < 11.6.7-r0
- (no CPE)range: >= 4.0.0, < 4.1.2
- (no CPE)range: >= 4.0.0, < 4.1.2
- (no CPE)range: >= 2.3.0, < 3.4.0
- (no CPE)range: >= 4.0.0, < 4.1.2
- (no CPE)range: >= 4.0.0, < 4.1.2
- (no CPE)range: >= 2.0.4, < 3.4.0
- (no CPE)range: >= 4.0.0, < 4.1.2
- (no CPE)range: >= 4.0.0, < 4.1.2
- (no CPE)range: < 0.6.0-3.module_el8.6.0+2881+2f24dc92
- (no CPE)range: < 0.6.0-3.module_el8.6.0+2881+2f24dc92
- (no CPE)range: < 0.5.0-1.module_el8.5.0+2641+983b221b
- (no CPE)range: < 0.4-5.module_el8.6.0+2881+2f24dc92
- (no CPE)range: < 1.0.0-9.module_el8.5.0+2641+983b221b
- (no CPE)range: < 5.1-12.module_el8.6.0+2881+2f24dc92
- (no CPE)range: < 5.1-12.module_el8.6.0+2737+7e73ea90
- (no CPE)range: < 1.3.2-9.module_el8.5.0+2641+983b221b
Patches
Vulnerability mechanics
References
31- github.com/twbs/bootstrap/pull/26630nvdIssue TrackingPatchThird Party AdvisoryWEB
- github.com/twbs/bootstrap/issues/26628nvdExploitIssue TrackingThird Party AdvisoryWEB
- blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/nvdVendor Advisory
- github.com/advisories/GHSA-7mvr-5x2g-wfc8ghsaADVISORY
- github.com/twbs/bootstrap/issues/26423nvdIssue TrackingThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-14042ghsaADVISORY
- packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.htmlnvdWEB
- seclists.org/fulldisclosure/2019/May/10nvdWEB
- seclists.org/fulldisclosure/2019/May/11nvdWEB
- seclists.org/fulldisclosure/2019/May/13nvdWEB
- blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.ymlghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14042.ymlghsaWEB
- github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609dghsaWEB
- github.com/twbs/bootstrap/commit/2d90d369bbc2bd2647620246c55cec8c4705e3d0ghsaWEB
- github.com/twbs/bootstrap/issues/26428ghsaWEB
- lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3EghsaWEB
- lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3EghsaWEB
- lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3EghsaWEB
- lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3EghsaWEB
- seclists.org/bugtraq/2019/May/18nvdWEB
- www.oracle.com/security-alerts/cpuApr2021.htmlnvdWEB
- www.tenable.com/security/tns-2021-14nvdWEB
- lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Envd
- lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3Envd
- lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Envd
- lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Envd
- lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3Envd
- lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3Envd
News mentions
0No linked articles in our index yet.