vulnerability
Red Hat JBoss EAP: CVE-2019-8331: Cross-site Scripting
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Feb 11, 2019 | Sep 19, 2024 | Jul 2, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Feb 11, 2019
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.. A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-79
- CVE-2019-8331
- https://attackerkb.com/topics/CVE-2019-8331
- https://access.redhat.com/security/cve/CVE-2019-8331
- https://bugzilla.redhat.com/show_bug.cgi?id=1686454
- https://access.redhat.com/errata/RHSA-2023:0552
- https://access.redhat.com/errata/RHSA-2023:0553
- https://access.redhat.com/errata/RHSA-2023:0554
- https://access.redhat.com/errata/RHSA-2023:0556
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.