CVE-2019-8331

Published Feb 20, 2019
Last updated a year ago
CVSS medium 6.1
Overview

Description: In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-79
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF0E68F9-B5C2-4419-8530-866FD2DABFB7",
            "versionEndExcluding": "3.4.1"
          },
          {
            "criteria": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BA71059-1A13-4A57-B6DD-98A79FA0630E",
            "versionEndExcluding": "4.3.1",
            "versionStartIncluding": "4.3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA130AF7-C25F-4C0B-ACAF-E7436C722431",
            "versionEndExcluding": "12.1.5.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADEF9870-DBD7-4603-90B7-7BF14ED4B7C5",
            "versionEndExcluding": "13.1.3.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "533D1068-0BF4-40ED-B28F-E98BF0F18454",
            "versionEndExcluding": "14.1.2.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC5CA1E2-341C-42A9-88AC-E6C83DED0B9D",
            "versionEndExcluding": "15.1.0",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1845A169-7B6C-4B7D-B8FC-0245DC1B4EEF",
            "versionEndExcluding": "12.1.5.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5C8CEBF-CEE7-4D05-AB46-1F22C3C29889",
            "versionEndExcluding": "13.1.3.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37BF8F88-0F8D-45F9-95FF-052434599267",
            "versionEndExcluding": "14.1.2.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16EBA08B-8FBD-47BE-A5BE-F5145788E8CB",
            "versionEndExcluding": "15.1.0",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09F6EC13-4398-48CB-B999-14FABE281247",
            "versionEndExcluding": "12.1.5.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF28DE16-F322-42DB-B0E6-67489DD258F6",
            "versionEndExcluding": "13.1.3.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A5BC28E-1780-4BDF-AF73-3477CC983B6A",
            "versionEndExcluding": "14.1.2.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9228FA0A-8745-4731-A214-5A8AC0AA902A",
            "versionEndExcluding": "15.1.0",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F3CFB0D-DDA1-4CFF-BAB4-96EF72F4F777",
            "versionEndExcluding": "12.1.5.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4115BD48-6E2A-4321-8EB7-ACCDF6CC6321",
            "versionEndExcluding": "13.1.3.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1261AE74-41AF-4848-9AD9-46918C46845B",
            "versionEndExcluding": "14.1.2.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BC7ABB7-2FA9-42CA-9BEF-241A91F317FF",
            "versionEndExcluding": "15.1.0",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C21D1B2-2424-4A56-A179-431EDC41B929",
            "versionEndExcluding": "12.1.5.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93521D73-6412-4E80-B210-65CA6DAC8EA4",
            "versionEndExcluding": "13.1.3.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADFDF244-00AA-4BD9-A255-24CAF55CD6F0",
            "versionEndExcluding": "14.1.2.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E08E3F72-4CEF-4607-8B27-515E6471B9D1",
            "versionEndExcluding": "15.1.0",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E69B6320-088E-445D-8863-34CF67F172F3",
            "versionEndExcluding": "12.1.5.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBA2F9FE-071E-411E-8E1F-3A8FA34D708F",
            "versionEndExcluding": "13.1.3.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34683A8C-E7B3-4DC4-9934-A55A44181B18",
            "versionEndExcluding": "14.1.2.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BE59364-3DB3-4528-AFC4-D3A39872514D",
            "versionEndExcluding": "15.1.0",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7DEDB9D-58DB-45EB-91EA-8A6694E4F29A",
            "versionEndExcluding": "12.1.5.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD847946-00F8-44BE-A9C1-2D3CAA1BD63C",
            "versionEndExcluding": "13.1.3.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09B13A2F-D302-416C-916E-4642CC46D9F6",
            "versionEndExcluding": "14.1.2.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEA3324A-4661-4CCF-9E40-DD50162542A0",
            "versionEndExcluding": "15.1.0",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95EDA820-6FDE-44B9-89CE-B83847416CF4",
            "versionEndExcluding": "12.1.5.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A077B3F-F587-47FA-912A-9816EADA9CFA",
            "versionEndExcluding": "13.1.3.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F14E9A0-3E7E-440E-B323-BED2D3E3F221",
            "versionEndExcluding": "14.1.2.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F14F10D9-4F2D-4C6D-8B0C-9775ED35DFEF",
            "versionEndExcluding": "15.1.0",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFF4B95E-40C6-4C8F-81BD-172A907CA5FD",
            "versionEndExcluding": "12.1.5.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93F6D55C-8873-470A-9E93-42F6A2DDE07F",
            "versionEndExcluding": "13.1.3.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F72B979A-B35A-464D-BCA1-2A5BD0A29886",
            "versionEndExcluding": "14.1.2.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14CEF743-6C3B-4D90-99BF-6A27B37ADAEA",
            "versionEndExcluding": "15.1.0",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFA7EEBD-F6F6-4243-B57D-BE210D8E16CF",
            "versionEndExcluding": "12.1.5.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "787DA0E4-D4A0-4622-8AC0-9386EE3F62B0",
            "versionEndExcluding": "13.1.3.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC366757-92D1-49ED-A641-47139AEEF613",
            "versionEndExcluding": "14.1.2.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "542EB351-79B1-4A9D-A5A1-2F3E0E88963C",
            "versionEndExcluding": "15.1.0",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "591EA641-C103-4575-97D5-15D41B20E581",
            "versionEndExcluding": "12.1.5.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C1BEC52-BC21-4996-A34F-4D9DF4D2F087",
            "versionEndExcluding": "13.1.3.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CA439FF-659C-4F34-9CBD-76D95A96E063",
            "versionEndExcluding": "14.1.2.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "895E610D-52F6-45CA-B205-D110A1DC6BEC",
            "versionEndExcluding": "15.1.0",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9866C62F-DA11-43B1-B475-A07B1B58933D",
            "versionEndExcluding": "12.1.5.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12351892-247E-477C-8C50-E0DA37F6A716",
            "versionEndExcluding": "13.1.3.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90D4E2C9-4353-49E7-B5C7-E9E7140F49AC",
            "versionEndExcluding": "14.1.2.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B114C6C-E950-4B75-B341-022799ABBACF",
            "versionEndExcluding": "15.1.0",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC99D7B3-65E5-4C9E-9D34-FF9161295F86",
            "versionEndExcluding": "12.1.5.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6C6F80B-85DC-461E-9BF9-6EF41C467243",
            "versionEndExcluding": "13.1.3.4",
            "versionStartIncluding": "13.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0C65C13-C852-4A12-BFC0-A4DB201FFCAF",
            "versionEndExcluding": "14.1.2.5",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57FD7F09-9829-42B0-913E-A43129AD758B",
            "versionEndExcluding": "15.1.0",
            "versionStartIncluding": "15.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FA1A18F-D997-4121-A01B-FD9B3BF266CF"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41DBA7C7-8084-45F6-B59D-13A9022C34DF",
            "versionEndExcluding": "5.19.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
