Fix xss in tooltip, collapse and scrollspy plugins by Johann-S · Pull Request #26630 · twbs/bootstrap

Johann-S · 2018-05-30T07:52:49Z

Fixes #26625 / CVE-2018-14040
Fixes #26627 / CVE-2018-14041
Fixes #26628 / CVE-2018-14042

XhmikosR · 2018-05-30T07:57:51Z

Hmm, it seems we are having some test failures @Johann-S :/

BTW, do we have any other places like these? Would be ideal if we tackled all similar issues now and release a new patch release soon-ish.

Johann-S · 2018-05-30T08:00:38Z

yep I'm on it 😉 just a few minutes

It's a bit hard to identify all the possible XSS in once 😟 we should check all of our options

XhmikosR · 2018-06-01T06:14:09Z

@Johann-S: let's get this merged and hopefully people will report if there are any other cases.

Johann-S added js v4 labels May 30, 2018

Johann-S requested a review from XhmikosR May 30, 2018 07:52

Johann-S added 3 commits May 30, 2018 10:06

fix(tooltip): xss in container option

efca80b

fix(collapse): xss in parent option

3ba1863

fix(scrollspy): xss in target option

3229efc

Johann-S force-pushed the v4-dev-jo-xss branch from fdf7f2a to 3229efc Compare May 30, 2018 08:09

Merge branch 'v4-dev' into v4-dev-jo-xss

5bebb82

XhmikosR approved these changes Jun 1, 2018

View reviewed changes

Johann-S merged commit cc61edf into v4-dev Jun 1, 2018

Johann-S deleted the v4-dev-jo-xss branch June 1, 2018 07:10

mdo mentioned this pull request Jun 1, 2018

v4.1.2 ship list #26423

Closed

ernitishkumar mentioned this pull request Jul 26, 2018

Collapse stopped working after #26630 PR merge i.e in v4.1.2 #26968

Closed

pouyana mentioned this pull request Jul 30, 2018

Getting error in console for collapse JavaScript plugin #26891

Closed

denis-yuen mentioned this pull request Nov 15, 2018

Remove Bootstrap 3 dockstore/dockstore#1899

Open

ghe-v2 Bot mentioned this pull request Feb 27, 2023

bootstrap-3.3.7.min.js: 6 vulnerabilities (highest severity is: 6.1) jesse-ghe-2/easybuggy#5

Open

This was referenced Mar 31, 2023

bootstrap-3.1.1.min.js: 6 vulnerabilities (highest severity is: 6.1) wssbanana2/WebGoat#7

Open

bootstrap-3.3.7.jar: 6 vulnerabilities (highest severity is: 6.1) wssbanana2/WebGoat#13

Open

mend-local-app Bot mentioned this pull request Jul 9, 2023

bootstrap-3.3.7.min.js: 5 vulnerabilities (highest severity is: 6.5) amaybaum-local/EasyBuggy6#2

Open

This was referenced Oct 16, 2023

bootstrap-3.3.7.jar: 5 vulnerabilities (highest severity is: 6.1) Mend-JoshN-GHE-SAST/WebGoat#6

Open

bootstrap-3.1.1.min.js: 5 vulnerabilities (highest severity is: 6.1) Mend-JoshN-GHE-SAST/WebGoat#14

Open

mend-app-sh Bot mentioned this pull request Nov 17, 2023

bootstrap-3.3.7.min.js: 6 vulnerabilities (highest severity is: 6.1) jorgerdemocorp-mend-selfhosted/EasyBuggyForTesting#3

Open

This was referenced Feb 15, 2024

bootstrap-3.3.7.min.js: 5 vulnerabilities (highest severity is: 6.1) Mend-JoshN-GHE-SAST/easybuggy3#2

Open

bootstrap-3.3.7.min.js: 5 vulnerabilities (highest severity is: 6.1) Mend-JoshN-GHE-SAST/easybuggy4#26

Open

renovate Bot mentioned this pull request Oct 20, 2025

bootstrap-4.1.0.min.js: 4 vulnerabilities (highest severity is: 6.1) [master] Emmanuel-Evenzur/PyGoat-#77

Open

renovate Bot mentioned this pull request Nov 4, 2025

bootstrap-4.1.0.min.js: 4 vulnerabilities (highest severity is: 6.1) [all-contributors/add-Hkakashi] blemaire-wavetel/pygoat#6

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix xss in tooltip, collapse and scrollspy plugins#26630

Fix xss in tooltip, collapse and scrollspy plugins#26630
Johann-S merged 4 commits into
v4-devfrom
v4-dev-jo-xss

Johann-S commented May 30, 2018 •

edited by bardiharborow

Loading

Uh oh!

XhmikosR commented May 30, 2018 •

edited

Loading

Uh oh!

Johann-S commented May 30, 2018 •

edited

Loading

Uh oh!

XhmikosR commented Jun 1, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

Johann-S commented May 30, 2018 • edited by bardiharborow Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

XhmikosR commented May 30, 2018 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Johann-S commented May 30, 2018 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

XhmikosR commented Jun 1, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Johann-S commented May 30, 2018 •

edited by bardiharborow

Loading

XhmikosR commented May 30, 2018 •

edited

Loading

Johann-S commented May 30, 2018 •

edited

Loading