CVE-2019-8331 — Bootstrap Vulnerable to Cross-Site Scripting · VulnScope

CVE-2019-8331

Bootstrap Vulnerable to Cross-Site Scripting

6.1

MEDIUM

CVSS 3.1

EPSS 1.7%

Description

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

How to fix CVE-2019-8331

To remediate CVE-2019-8331, upgrade the affected package to a fixed version below.

Debian/twitter-bootstrap3—upgrade to 3.4.1+dfsg-1 or later
Debian/twitter-bootstrap4—upgrade to 4.3.1+dfsg2-1 or later
—upgrade to 3.4.1 or later
—upgrade to 4.3.1 or later
—upgrade to 3.4.1 or later
—upgrade to 4.3.1 or later
—upgrade to 3.4.1 or later
—upgrade to 4.3.1 or later
—upgrade to 3.4.1 or later
—upgrade to 4.3.1 or later
—upgrade to 3.4.1 or later
—no fix listed

Is CVE-2019-8331 being exploited?

Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.

Affected packages (12)

from 0, < 3.4.1+dfsg-1
from 0, < 4.3.1+dfsg2-1
>= 3.0.0, < 3.4.1
>= 4.0.0, < 4.3.1
>= 3.0.0, < 3.4.1
>= 4.0.0, < 4.3.1
>= 3.0.0, < 3.4.1
from 0, < 4.3.1
>= 3.0.0, < 3.4.1
from 0, < 4.3.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (46)