vulnerability
Red Hat JBoss EAP: CVE-2019-8331: Cross-site Scripting
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Feb 11, 2019 | Sep 19, 2024 | Jul 2, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Feb 11, 2019
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.. A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-79
- CVE-2019-8331
- https://attackerkb.com/topics/CVE-2019-8331
- URL-https://access.redhat.com/security/cve/CVE-2019-8331
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1686454
- URL-https://access.redhat.com/errata/RHSA-2023:0552
- URL-https://access.redhat.com/errata/RHSA-2023:0553
- URL-https://access.redhat.com/errata/RHSA-2023:0554
- URL-https://access.redhat.com/errata/RHSA-2023:0556
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.