GHSA-pj7m-g53m-7638, CVE-2018-14041
packagist/typo3/cms
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
All versions starting from 8.0.0 before 8.7.23, all versions starting from 9.0.0 before 9.5.4
Upgrade to versions 8.7.23, 9.5.4 or above.
2024-02-05
source |