VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-n15b-85zy-2yhm

Essentials
Severities (2)
References (27)
Severity details (1)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-n15b-85zy-2yhm
Aliases	CVE-2018-14042 GHSA-7mvr-5x2g-wfc8
Summary	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-container property of tooltip.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.02281	https://api.first.org/data/v1/epss?cve=CVE-2018-14042
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-7mvr-5x2g-wfc8

Reference id	Reference type	URL
		http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
		https://api.first.org/data/v1/epss?cve=CVE-2018-14042
		https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
		https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
		http://seclists.org/fulldisclosure/2019/May/10
		http://seclists.org/fulldisclosure/2019/May/11
		http://seclists.org/fulldisclosure/2019/May/13
		https://github.com/twbs/bootstrap
		https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
		https://github.com/twbs/bootstrap/commit/2d90d369bbc2bd2647620246c55cec8c4705e3d0
		https://github.com/twbs/bootstrap/issues/26423
		https://github.com/twbs/bootstrap/issues/26428
		https://github.com/twbs/bootstrap/issues/26628
		https://github.com/twbs/bootstrap/pull/26630
		https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
		https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
		https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
		https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
		https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E
		https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
		https://seclists.org/bugtraq/2019/May/18
		https://www.oracle.com/security-alerts/cpuApr2021.html
		https://www.tenable.com/security/tns-2021-14
CVE-2018-14042		https://nvd.nist.gov/vuln/detail/CVE-2018-14042
CVE-2018-14042.YML		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14042.yml
CVE-2018-14042.YML		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml
GHSA-7mvr-5x2g-wfc8		https://github.com/advisories/GHSA-7mvr-5x2g-wfc8

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.84951
EPSS Score	0.02281
Published At	May 30, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-30T20:53:56.226654+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Bootstrap.Less/CVE-2018-14042.yml	38.6.0