Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

Vulnerable javascript dependency at Main domain

Low
S
Sifchain
Submitted None
Actions:
View on HackerOne
Reported by dantt

Vulnerability Details

Technical details and impact analysis

Using Components with Known Vulnerabilities
Hello, Issue detail, Burp observed 1 outdated JavaScript libraries with 4 known vulnerabilities. Burp detected bootstrap version 4.0.0, which has the following vulnerabilities: CVE-2019-8331: XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2018-14041: XSS in data-target property of scrollspy CVE-2018-14040: XSS in collapse data-parent attribute CVE-2018-14042: XSS in data-container property of tooltip Host:  https://sifchain.finance Path:  /wp-content/themes/icos/assets/js/vendor/bootstrap.min.js {F1293110} ## Impact Potential XSS

Related CVEs

Associated Common Vulnerabilities and Exposures

CVE-2019-8331 UNKNOWN

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

CVE-2018-14041 UNKNOWN

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.

CVE-2018-14040 UNKNOWN

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

CVE-2018-14042 UNKNOWN

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Report Details

Additional information and metadata

State

Closed

Substate

Not-Applicable

Submitted

Weakness

Using Components with Known Vulnerabilities