Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/95340?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/95340?format=api", "purl": "pkg:rpm/redhat/ceph@2:17.2.6-148?arch=el9cp", "type": "rpm", "namespace": "redhat", "name": "ceph", "version": "2:17.2.6-148", "qualifiers": { "arch": "el9cp" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9621?format=api", "vulnerability_id": "VCID-3gg5-1921-rbfs", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIn Bootstrap, XSS is possible in the data-target property of scrollspy.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html" }, { "reference_url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1456", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14041.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14041.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14041", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07723", "scoring_system": "epss", "scoring_elements": "0.91935", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07723", "scoring_system": "epss", "scoring_elements": "0.91932", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07723", "scoring_system": "epss", "scoring_elements": "0.91926", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07723", "scoring_system": "epss", "scoring_elements": "0.91914", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07723", "scoring_system": "epss", "scoring_elements": "0.91907", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07723", "scoring_system": "epss", "scoring_elements": "0.91899", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07723", "scoring_system": "epss", "scoring_elements": "0.91891", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07723", "scoring_system": "epss", "scoring_elements": "0.9195", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07723", "scoring_system": "epss", "scoring_elements": "0.91947", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.07723", "scoring_system": "epss", "scoring_elements": "0.91944", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.07723", "scoring_system": "epss", "scoring_elements": "0.91931", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07917", "scoring_system": "epss", "scoring_elements": "0.92059", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.07917", "scoring_system": "epss", "scoring_elements": "0.92057", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14041" }, { "reference_url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2" }, { "reference_url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/May/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/May/10" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/May/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/May/11" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/May/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/May/13" }, { "reference_url": "https://github.com/twbs/bootstrap", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap" }, { "reference_url": "https://github.com/twbs/bootstrap/issues/26423", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/issues/26423" }, { "reference_url": "https://github.com/twbs/bootstrap/issues/26627", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/issues/26627" }, { "reference_url": "https://github.com/twbs/bootstrap/pull/26630", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/pull/26630" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/May/18" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-006" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616", "reference_id": "1601616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601616" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041", "reference_id": "CVE-2018-14041", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14041" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml", "reference_id": "CVE-2018-14041.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml", "reference_id": "CVE-2018-14041.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml", "reference_id": "CVE-2018-14041.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml" }, { "reference_url": "https://github.com/advisories/GHSA-pj7m-g53m-7638", "reference_id": "GHSA-pj7m-g53m-7638", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pj7m-g53m-7638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0552", "reference_id": "RHSA-2023:0552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0553", "reference_id": "RHSA-2023:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0554", "reference_id": "RHSA-2023:0554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0556", "reference_id": "RHSA-2023:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5693", "reference_id": "RHSA-2023:5693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5693" } ], "fixed_packages": [], "aliases": [ "CVE-2018-14041", "GHSA-pj7m-g53m-7638" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gg5-1921-rbfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78067?format=api", "vulnerability_id": "VCID-47cr-h639-tqd4", "summary": "rgw: improperly verified POST keys", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43040.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43040.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43040", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05746", "scoring_system": "epss", "scoring_elements": "0.90479", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05746", "scoring_system": "epss", "scoring_elements": "0.90467", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05746", "scoring_system": "epss", "scoring_elements": "0.9048", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.90823", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.90868", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.90893", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.9089", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.90833", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.90844", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.90855", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.90862", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06202", "scoring_system": "epss", "scoring_elements": "0.9087", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43040" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43040", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43040" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053690", "reference_id": "1053690", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053690" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216855", "reference_id": "2216855", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216855" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266807", "reference_id": "266807", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T16:41:59Z/" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266807" }, { "reference_url": "https://www.ibm.com/support/pages/node/7151040", "reference_id": "7151040", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T16:41:59Z/" } ], "url": "https://www.ibm.com/support/pages/node/7151040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5693", "reference_id": "RHSA-2023:5693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0745", "reference_id": "RHSA-2024:0745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0745" }, { "reference_url": "https://usn.ubuntu.com/6613-1/", "reference_id": "USN-6613-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6613-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2023-43040" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-47cr-h639-tqd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10204?format=api", "vulnerability_id": "VCID-br4c-7x9j-g3f6", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIn Bootstrap, XSS is possible in the tooltip data-viewport attribute.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2019:1076", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2019:1076" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2019:1570", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1456", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3023", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0132", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0133", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0133" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20676.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20676.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20676", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05658", "scoring_system": "epss", "scoring_elements": "0.90371", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05658", "scoring_system": "epss", "scoring_elements": "0.90386", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05658", "scoring_system": "epss", "scoring_elements": "0.90384", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05658", "scoring_system": "epss", "scoring_elements": "0.90377", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05804", "scoring_system": "epss", "scoring_elements": "0.90544", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.06144", "scoring_system": "epss", "scoring_elements": "0.90768", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06144", "scoring_system": "epss", "scoring_elements": "0.90822", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06144", "scoring_system": "epss", "scoring_elements": "0.90813", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06144", "scoring_system": "epss", "scoring_elements": "0.90806", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06144", "scoring_system": "epss", "scoring_elements": "0.90796", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06144", "scoring_system": "epss", "scoring_elements": "0.90785", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06144", "scoring_system": "epss", "scoring_elements": "0.90774", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20676" }, { "reference_url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0" }, { "reference_url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676" }, { "reference_url": "https://github.com/twbs/bootstrap", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap" }, { "reference_url": "https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d" }, { "reference_url": "https://github.com/twbs/bootstrap/issues/27044", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/issues/27044" }, { "reference_url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906" }, { "reference_url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628" }, { "reference_url": "https://github.com/twbs/bootstrap/pull/27047", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/pull/27047" }, { "reference_url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://www.tenable.com/security/tns-2021-14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2021-14" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668082", "reference_id": "1668082", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668082" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20676", "reference_id": "CVE-2018-20676", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20676" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-20676.yml", "reference_id": "CVE-2018-20676.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-20676.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml", "reference_id": "CVE-2018-20676.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml" }, { "reference_url": "https://github.com/advisories/GHSA-3mgp-fx93-9xv5", "reference_id": "GHSA-3mgp-fx93-9xv5", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3mgp-fx93-9xv5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3936", "reference_id": "RHSA-2020:3936", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3936" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4670", "reference_id": "RHSA-2020:4670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5571", "reference_id": "RHSA-2020:5571", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5571" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5693", "reference_id": "RHSA-2023:5693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5693" } ], "fixed_packages": [], "aliases": [ "CVE-2018-20676", "GHSA-3mgp-fx93-9xv5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-br4c-7x9j-g3f6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10206?format=api", "vulnerability_id": "VCID-hqne-7h6h-3ff8", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIn Bootstrap, XSS is possible in the affix configuration target property.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2019:1076", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2019:1076" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2019:1570", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2019:1570" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1456", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3023", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0132", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0133", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0133" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20677.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20677.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20677", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09999", "scoring_system": "epss", "scoring_elements": "0.93053", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09999", "scoring_system": "epss", "scoring_elements": "0.93066", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.09999", "scoring_system": "epss", "scoring_elements": "0.93051", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.1017", "scoring_system": "epss", "scoring_elements": "0.93129", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.1017", "scoring_system": "epss", "scoring_elements": "0.9314", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.10242", "scoring_system": "epss", "scoring_elements": "0.93181", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.10242", "scoring_system": "epss", "scoring_elements": "0.93182", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.11866", "scoring_system": "epss", "scoring_elements": "0.93728", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11866", "scoring_system": "epss", "scoring_elements": "0.93732", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.11866", "scoring_system": "epss", "scoring_elements": "0.93726", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11866", "scoring_system": "epss", "scoring_elements": "0.93717", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11866", "scoring_system": "epss", "scoring_elements": "0.93714", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11866", "scoring_system": "epss", "scoring_elements": "0.93704", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11866", "scoring_system": "epss", "scoring_elements": "0.93695", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20677" }, { "reference_url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0" }, { "reference_url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677" }, { "reference_url": "https://github.com/twbs/bootstrap", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap" }, { "reference_url": "https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d" }, { "reference_url": "https://github.com/twbs/bootstrap/issues/27045", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/issues/27045" }, { "reference_url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906" }, { "reference_url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628" }, { "reference_url": "https://github.com/twbs/bootstrap/pull/27047", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/twbs/bootstrap/pull/27047" }, { "reference_url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://www.tenable.com/security/tns-2021-14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2021-14" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668089", "reference_id": "1668089", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668089" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20677", "reference_id": "CVE-2018-20677", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20677" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-20677.yml", "reference_id": "CVE-2018-20677.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-20677.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml", "reference_id": "CVE-2018-20677.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml" }, { "reference_url": "https://github.com/advisories/GHSA-ph58-4vrj-w6hr", "reference_id": "GHSA-ph58-4vrj-w6hr", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ph58-4vrj-w6hr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3936", "reference_id": "RHSA-2020:3936", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3936" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4670", "reference_id": "RHSA-2020:4670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5571", "reference_id": "RHSA-2020:5571", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5571" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5693", "reference_id": "RHSA-2023:5693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5693" } ], "fixed_packages": [], "aliases": [ "CVE-2018-20677", "GHSA-ph58-4vrj-w6hr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hqne-7h6h-3ff8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78042?format=api", "vulnerability_id": "VCID-xnny-adma-pycj", "summary": "ceph: RGW crash upon misconfigured CORS rule", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46159.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46159.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07004", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07125", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.071", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07036", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07021", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07153", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07119", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07057", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07037", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07091", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07122", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07121", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0711", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46159" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215374", "reference_id": "2215374", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215374" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268906", "reference_id": "268906", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T14:17:32Z/" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268906" }, { "reference_url": "https://www.ibm.com/support/pages/node/7112263", "reference_id": "7112263", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T14:17:32Z/" } ], "url": "https://www.ibm.com/support/pages/node/7112263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5693", "reference_id": "RHSA-2023:5693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0745", "reference_id": "RHSA-2024:0745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9775", "reference_id": "RHSA-2025:9775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9775" } ], "fixed_packages": [], "aliases": [ "CVE-2023-46159" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xnny-adma-pycj" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ceph@2:17.2.6-148%3Farch=el9cp" }