In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

References:
https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
https://github.com/twbs/bootstrap/issues/20184
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906

Upstream Patch:
https://github.com/twbs/bootstrap/pull/23679
https://github.com/twbs/bootstrap/pull/23687
https://github.com/twbs/bootstrap/pull/26460

RHOSP ships two versions of bootstrap, both of which are affected. Marking as such and filing trackers.

OpenStack -> Bootstrap
8,9,10 -> 3.2.0.0-1
13,14 -> 3.3.7.1-2

Created python-XStatic-Bootstrap-SCSS tracking bugs for this issue:
Affects: epel-7 [bug 1670553]
Affects: fedora-all [bug 1670554]
Affects: openstack-rdo [bug 1670556]

Created rubygem-bootstrap-sass tracking bugs for this issue:
Affects: fedora-all [bug 1670555]

This issue has been addressed in the following products: Red Hat Single Sign-On 7.3.2 zip Via RHSA-2019:1456 https://access.redhat.com/errata/RHSA-2019:1456
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2016-10735
This vulnerability was addressed in Red Hat Virtualization 4.3 package ovirt-engine-api-explorer via https://access.redhat.com/errata/RHBA-2019:1570
Statement: Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite. Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.
This issue has been addressed in the following products: Red Hat Virtualization Engine 4.3 Via RHSA-2019:3023 https://access.redhat.com/errata/RHSA-2019:3023
This issue has been addressed in the following products: Red Hat Process Automation Via RHSA-2020:0132 https://access.redhat.com/errata/RHSA-2020:0132
This issue has been addressed in the following products: Red Hat Decision Manager Via RHSA-2020:0133 https://access.redhat.com/errata/RHSA-2020:0133
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3936 https://access.redhat.com/errata/RHSA-2020:3936
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4670 https://access.redhat.com/errata/RHSA-2020:4670
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4847 https://access.redhat.com/errata/RHSA-2020:4847
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS Via RHSA-2020:5571 https://access.redhat.com/errata/RHSA-2020:5571
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2023:0553 https://access.redhat.com/errata/RHSA-2023:0553
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2023:0552 https://access.redhat.com/errata/RHSA-2023:0552
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Via RHSA-2023:0554 https://access.redhat.com/errata/RHSA-2023:0554
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2023:0556 https://access.redhat.com/errata/RHSA-2023:0556