Package: twitter-bootstrap3
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for twitter-bootstrap3.

CVE-2018-14040[0]:
| In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent
| attribute.

CVE-2018-14041[1]:
| In Bootstrap before 4.1.2, XSS is possible in the data-target property
| of scrollspy.

CVE-2018-14042[2]:
| In Bootstrap before 4.1.2, XSS is possible in the data-container
| property of tooltip.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-14040
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14040
[1] https://security-tracker.debian.org/tracker/CVE-2018-14041
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14041
[2] https://security-tracker.debian.org/tracker/CVE-2018-14042
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14042

Please adjust the affected versions in the BTS as needed.