Verify if bootstrap vulnerability can be exploited in LLNG (#1495) · Issues · LemonLDAP NG / lemonldap-ng

Verify if bootstrap vulnerability can be exploited in LLNG

The following vulnerabilities were published for twitter-bootstrap3. If LLNG is vulnerable, update bootstrap at least to 4.1.2

CVE-2018-14040: In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

CVE-2018-14041: In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.

CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Edited Aug 28, 2018 by Yadd