Loading HuntDB...

Hunt

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

GHSA-pj7m-g53m-7638

GitHub Security Advisory

Bootstrap Cross-site Scripting vulnerability

✓ GitHub Reviewed MODERATE Has CVE

View on GitHub

Advisory Details

In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.

Affected Packages

npm bootstrap

Affected versions: 4.0.0 (fixed in 4.1.2)

Packagist typo3/cms-core

Affected versions: 8.0.0 (fixed in 8.7.23)

Packagist typo3/cms-core

Affected versions: 9.0.0 (fixed in 9.5.4)

Packagist typo3/cms

Affected versions: 8.0.0 (fixed in 8.7.23)

Packagist typo3/cms

Affected versions: 9.0.0 (fixed in 9.5.4)

RubyGems bootstrap

Affected versions: 4.0.0 (fixed in 4.1.2)

Packagist twbs/bootstrap

Affected versions: 4.0.0 (fixed in 4.1.2)

NuGet bootstrap

Affected versions: 4.0.0 (fixed in 4.1.2)

NuGet bootstrap.sass

Affected versions: 4.0.0 (fixed in 4.1.2)

Maven org.webjars:bootstrap

Affected versions: 4.0.0 (fixed in 4.1.2)

Related CVEs

CVE-2018-14041

Key Information

GHSA ID

GHSA-pj7m-g53m-7638

Published

September 13, 2018 3:49 PM

Last Modified

August 1, 2024 9:03 PM

CVSS Score

5.0 /10

Primary Ecosystem

npm

Primary Package

bootstrap

GitHub Reviewed

✓ Yes

Dataset

Last updated: October 1, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.