CVE-2018-14040
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
We have discovered 1,222,580 live websites that are affected by CVE-2018-14040.
Affected Software
| Product |  Bootstrap |
| Category | UI Frameworks |
| Vulnerable Domains | 1,222,580 live websites (55.92% of Bootstrap install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 246 versions ( 49.00% of all versions) |
Details
- Published - Jul 13, 2018
- Updated - Aug 5, 2024
CVE References
CVE-2018-14040 usage by Country
 United States | 536,925 websites |
 Germany | 91,167 websites |
 France | 67,523 websites |
 Cyprus | 44,490 websites |
 Netherlands | 44,223 websites |
 GB | 35,678 websites |
 Russia | 30,983 websites |
 Japan | 27,581 websites |
 Poland | 24,340 websites |
 Brazil | 22,185 websites |
CVE-2018-14040 usage by TLD
| .com | 555,792 websites |
| .org | 58,576 websites |
| .de | 43,732 websites |
| .net | 38,093 websites |
| .nl | 31,424 websites |
| .co.uk | 30,445 websites |
| .ru | 27,244 websites |
| .com.br | 26,355 websites |
| .fr | 24,911 websites |
| .pl | 21,543 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2018-14040
Top websites that are affected by CVE-2018-14040. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.****.br | Brazil | ** | |
| ********.com | United States | *** | |
| ******.com | United States | *** | |
| **.com |  Singapore | *** | |
| *********.com |  Canada | *** | |
| *********.com | United States | *** | |
| ***********.org | United States | *** | |
| *******.org | United States | *,*** | |
| ********.com | United States | *,*** | |
| *****.******.com | United States | *,*** |
FAQ
A total of 1,222,580 websites have been identified as vulnerable to CVE-2018-14040, discovered through global website indexing conducted by WebTechSurvey.
Bootstrap is susceptible to CVE-2018-14040 vulnerability.
Bootstrap versions before 4.1.2 are vulnerable to CVE-2018-14040.
Version 4.1.2 of Bootstrap addresses the CVE-2018-14040 security vulnerability.
References
- https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html
- https://seclists.org/bugtraq/2019/May/18
- http://seclists.org/fulldisclosure/2019/May/11
- http://seclists.org/fulldisclosure/2019/May/10
- http://seclists.org/fulldisclosure/2019/May/13
- https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
- http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
- http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
- https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://github.com/twbs/bootstrap/pull/26630
- https://github.com/twbs/bootstrap/issues/26423
- https://github.com/twbs/bootstrap/issues/26625
- https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
- https://www.tenable.com/security/tns-2021-14