React2Shell Update: Critical in-the-wild React.js vulnerability exposes apps to remote code execution. Learn More

Bring Sonatype intelligence to your IDE and AI workflows with the Sonatype MCP server.
Discover, assess, and secure your open source components with confidence.
From selecting the best versions to identifying vulnerabilities, ensuring license compliance, and receiving real-time remediation guidance,
everything you need to build safer software, faster. Get setup now

Vulnerability

CVE-2018-20677

Report advisory or correction

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

References

https://github.com/twbs/bootstrap/issues/26625

https://github.com/twbs/bootstrap/issues/26628

https://github.com/twbs/bootstrap/issues/27044

https://github.com/twbs/bootstrap/issues/27045

https://github.com/twbs/bootstrap/pull/27047

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20677

[CVE-2018-20677] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Deviation Notice:

Sonatype's research suggests that this CVE's details differ from those defined at NVD or other reporting sources; sign in for details.

Sign up and see:

Detailed deviation notices:

Detailed deviations
References
Custom Descriptions [Coming Soon]