CVE-2018-20677 @ Npm-bootstrap-3.1.1

**Vulnerable Package** issue exists @ **Npm\-bootstrap\-3.1.1** in branch **main**

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

**Namespace:** CxDemoInABoxRepos
**Repository:** Java-Webgoat
**Repository Url:** https://github.com/CxDemoInABoxRepos/Java-Webgoat
**CxAST\-Project:** CxDemoInABoxRepos/Java-Webgoat
**CxAST platform scan:** [188de2bd\-a9df\-4b09\-95f7\-dd05d6f06695](https://deu.ast.checkmarx.net/projects/26b3e443-162d-4768-a7fd-3d09781bac58/scans?id=188de2bd-a9df-4b09-95f7-dd05d6f06695&branch=main)
**Branch:** main
**Application:** Java-Webgoat
**Severity:** MEDIUM
**State:** TO_VERIFY
**Status:** RECURRENT
**CWE:** CWE-79


----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** LOW
**Availability impact:** NONE
**Remediation Upgrade Recommendation:** 3.4.1


----
**References**
[Pull request](https://github.com/twbs/bootstrap/pull/27047)
[Issue](https://github.com/twbs/bootstrap/issues/27045)
[Commit](https://github.com/don-spyker/bootstrap/commit/ae29b6ad0a5bf057e2832249466b97760f9f1e8a)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2018-20677 @ Npm-bootstrap-3.1.1 #521

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2018-20677 @ Npm-bootstrap-3.1.1 #521

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions