Vulnerability from drupal
Published
2018-11-28 17:32
Modified
2023-08-11 21:15
Summary
Details

This base theme bridges the gap between Drupal and the Bootstrap Framework.

The theme doesn't sufficiently filter valid targets under the scenario of opening modals, popovers, and tooltips.

This vulnerability is mitigated by the fact that an attacker must already have the ability to either:

  1. Edit/save custom content that supplies a value for the data-target attribute by injecting malicious code.
  2. Inject custom markup onto the page that further exploits the data-target attribute by injecting malicious code. This method of attack is highly unlikely if they already have this level of access.

Note: while the base-theme does not provide either of these opportunities to do this out-of-the-box; a custom sub-theme may, however, be susceptible if it didn't sanitize or filter user provided input for XSS properly.

Credits
Gomez_in_the_South www.drupal.org/user/153735
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "affected_versions": "\u003c3.14.0"
      },
      "package": {
        "ecosystem": "Packagist:https://packages.drupal.org/8",
        "name": "drupal/bootstrap"
      },
      "ranges": [
        {
          "database_specific": {
            "constraint": "\u003c3.14.0"
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.14.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "severity": []
    }
  ],
  "aliases": [],
  "credits": [
    {
      "contact": [
        "https://www.drupal.org/user/153735"
      ],
      "name": "Gomez_in_the_South"
    }
  ],
  "details": "This base theme bridges the gap between Drupal and the Bootstrap Framework.\n\nThe theme doesn\u0027t sufficiently filter valid targets under the scenario of opening modals, popovers, and tooltips.\n\nThis vulnerability is mitigated by the fact that an attacker must already have the ability to either:\n\n1. Edit/save custom content that supplies a value for the `data-target` attribute by injecting malicious code.\n2. Inject custom markup onto the page that further exploits the `data-target` attribute by injecting malicious code. This method of attack is highly unlikely if they already have this level of access.\n\nNote: while the base-theme does not provide either of these opportunities to do this out-of-the-box; a custom sub-theme may, however, be susceptible if it didn\u0027t sanitize or filter user provided input for XSS properly.",
  "id": "DRUPAL-CONTRIB-2018-074",
  "modified": "2023-08-11T21:15:17.000Z",
  "published": "2018-11-28T17:32:56.000Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2018-074"
    }
  ],
  "schema_version": "1.7.0"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.