Update/Patch bootstrap.js inside /apps/lib/ (CVE-2016-10735, CVE-2018-20676, CVE-2018-20677, MEDIUM) (MINDBREEZE31787)

ID: MINDBREEZE31787 
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS   
Severity: 6.1 MEDIUM 
Status: Final 
First published: September 04, 2024 
CVEs: CVE-2016-10735, CVE-2018-20676, CVE-2018-20677

Summary

  • CVE-2016-10735: In Bootstrap, XSS is possible in the data-target attribute
  • CVE-2018-20676: In Bootstrap, XSS is possible in the tooltip data-viewport attribute
  • CVE-2018-20677: In Bootstrap, XSS is possible in the affix configuration target property

Hotfix Information 

Fixed in the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

  • Mindbreeze InSpire SaaS 24.5 Release
  • Mindbreeze InSpire 24.5 Release
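
A defender-side check for the bootstrap.js named in the title, added here as an example (not Mindbreeze's code): it reads the upstream Bootstrap version banner and lists which of the three CVEs that version falls under. The version ranges are taken from the public CVE descriptions, not from this advisory; the function names and sample banners are constructed, and a file patched in place without a banner change is still reported by its version.

```python
import re

# Version banner that upstream Bootstrap 3.x/4.x builds carry at the top of bootstrap.js.
BANNER = re.compile(r"Bootstrap v(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta)(?:\.(\d+))?)?")

# Constructed sample banners (not taken from a Mindbreeze installation).
SAMPLE_OLD = "/*!\n * Bootstrap v3.3.7 (http://getbootstrap.com)\n */"
SAMPLE_NEW = "/*!\n * Bootstrap v3.4.1 (https://getbootstrap.com/)\n */"

def bootstrap_version(js_text):
    """Return ((major, minor, patch), prerelease) from the banner, or None."""
    m = BANNER.search(js_text[:2048])  # the banner sits in the first lines
    if m is None:
        return None
    core = tuple(int(x) for x in m.group(1, 2, 3))
    pre = (m.group(4), int(m.group(5) or 1)) if m.group(4) else None
    return core, pre

def applicable_cves(js_text):
    """List the advisory's CVEs whose upstream range covers the banner version.

    Returns None when no banner is found (stripped or repackaged file);
    that means "unknown", not "not affected".
    """
    parsed = bootstrap_version(js_text)
    if parsed is None:
        return None
    core, pre = parsed
    cves = []
    # CVE-2016-10735: 3.x before 3.4.0 and 4.x betas before 4.0.0-beta.2.
    # Assumption: 4.0.0 alpha builds are treated as affected too (conservative).
    if (core[0] == 3 and core < (3, 4, 0)) or (
        core == (4, 0, 0) and pre
        and (pre[0] == "alpha" or pre[1] < 2)
    ):
        cves.append("CVE-2016-10735")
    # CVE-2018-20676 and CVE-2018-20677: before 3.4.0.
    if core < (3, 4, 0):
        cves += ["CVE-2018-20676", "CVE-2018-20677"]
    return cves

if __name__ == "__main__":
    for name, text in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        print(name, applicable_cves(text))
```

To use it on an installation, pass the contents of the bootstrap.js file under /apps/lib/ to `applicable_cves` and treat a `None` result as a file that needs manual inspection.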