CVE-2018-14041
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/typo3/cms-core
Identifiers
GHSA-pj7m-g53m-7638, CVE-2018-14041
Package Slug
packagist/typo3/cms-core
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
Affected Versions
All versions starting from 8.0.0 before 8.7.23, all versions starting from 9.0.0 before 9.5.4
Solution
Upgrade to versions 8.7.23, 9.5.4 or above.
Last Modified
2024-02-05
| source |