Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.webjars/bootstrap@3.0.0-rc1
Typemaven
Namespaceorg.webjars
Namebootstrap
Version3.0.0-rc1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.0.0-alpha
Latest_non_vulnerable_version5.0.0
Affected_by_vulnerabilities
0
url VCID-br4c-7x9j-g3f6
vulnerability_id VCID-br4c-7x9j-g3f6
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the tooltip data-viewport attribute.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:1076
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:1076
1
reference_url https://access.redhat.com/errata/RHBA-2019:1570
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:1570
2
reference_url https://access.redhat.com/errata/RHSA-2019:1456
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1456
3
reference_url https://access.redhat.com/errata/RHSA-2019:3023
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3023
4
reference_url https://access.redhat.com/errata/RHSA-2020:0132
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0132
5
reference_url https://access.redhat.com/errata/RHSA-2020:0133
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0133
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20676.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20676.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20676
reference_id
reference_type
scores
0
value 0.05658
scoring_system epss
scoring_elements 0.90371
published_at 2026-04-13T12:55:00Z
1
value 0.05658
scoring_system epss
scoring_elements 0.90377
published_at 2026-04-12T12:55:00Z
2
value 0.05658
scoring_system epss
scoring_elements 0.90386
published_at 2026-04-18T12:55:00Z
3
value 0.06144
scoring_system epss
scoring_elements 0.90768
published_at 2026-04-01T12:55:00Z
4
value 0.06144
scoring_system epss
scoring_elements 0.90822
published_at 2026-04-11T12:55:00Z
5
value 0.06144
scoring_system epss
scoring_elements 0.90813
published_at 2026-04-09T12:55:00Z
6
value 0.06144
scoring_system epss
scoring_elements 0.90806
published_at 2026-04-08T12:55:00Z
7
value 0.06144
scoring_system epss
scoring_elements 0.90796
published_at 2026-04-07T12:55:00Z
8
value 0.06144
scoring_system epss
scoring_elements 0.90785
published_at 2026-04-04T12:55:00Z
9
value 0.06144
scoring_system epss
scoring_elements 0.90774
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20676
8
reference_url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
9
reference_url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
reference_id
reference_type
scores
url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676
11
reference_url https://github.com/twbs/bootstrap
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap
12
reference_url https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
13
reference_url https://github.com/twbs/bootstrap/issues/27044
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/issues/27044
14
reference_url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
15
reference_url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
16
reference_url https://github.com/twbs/bootstrap/pull/27047
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/pull/27047
17
reference_url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
19
reference_url https://www.tenable.com/security/tns-2021-14
reference_id
reference_type
scores
url https://www.tenable.com/security/tns-2021-14
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1668082
reference_id 1668082
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1668082
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20676
reference_id CVE-2018-20676
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-20676
23
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-20676.yml
reference_id CVE-2018-20676.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-20676.yml
24
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml
reference_id CVE-2018-20676.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20676.yml
25
reference_url https://github.com/advisories/GHSA-3mgp-fx93-9xv5
reference_id GHSA-3mgp-fx93-9xv5
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3mgp-fx93-9xv5
26
reference_url https://access.redhat.com/errata/RHSA-2020:3936
reference_id RHSA-2020:3936
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3936
27
reference_url https://access.redhat.com/errata/RHSA-2020:4670
reference_id RHSA-2020:4670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4670
28
reference_url https://access.redhat.com/errata/RHSA-2020:5571
reference_id RHSA-2020:5571
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5571
29
reference_url https://access.redhat.com/errata/RHSA-2023:5693
reference_id RHSA-2023:5693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5693
fixed_packages
0
url pkg:maven/org.webjars/bootstrap@3.4.0
purl pkg:maven/org.webjars/bootstrap@3.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p87t-vvdx-b7dv
1
vulnerability VCID-yzg2-xekr-ykd9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.webjars/bootstrap@3.4.0
aliases CVE-2018-20676, GHSA-3mgp-fx93-9xv5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-br4c-7x9j-g3f6
1
url VCID-eh2s-9hss-yken
vulnerability_id VCID-eh2s-9hss-yken
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:1076
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:1076
1
reference_url https://access.redhat.com/errata/RHBA-2019:1570
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:1570
2
reference_url https://access.redhat.com/errata/RHSA-2019:1456
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1456
3
reference_url https://access.redhat.com/errata/RHSA-2019:3023
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3023
4
reference_url https://access.redhat.com/errata/RHSA-2020:0132
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0132
5
reference_url https://access.redhat.com/errata/RHSA-2020:0133
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0133
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10735.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10735.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10735
reference_id
reference_type
scores
0
value 0.06043
scoring_system epss
scoring_elements 0.90722
published_at 2026-04-08T12:55:00Z
1
value 0.06043
scoring_system epss
scoring_elements 0.90711
published_at 2026-04-07T12:55:00Z
2
value 0.06043
scoring_system epss
scoring_elements 0.90702
published_at 2026-04-04T12:55:00Z
3
value 0.06043
scoring_system epss
scoring_elements 0.90692
published_at 2026-04-02T12:55:00Z
4
value 0.06043
scoring_system epss
scoring_elements 0.90686
published_at 2026-04-01T12:55:00Z
5
value 0.06043
scoring_system epss
scoring_elements 0.90728
published_at 2026-04-09T12:55:00Z
6
value 0.06043
scoring_system epss
scoring_elements 0.90737
published_at 2026-04-11T12:55:00Z
7
value 0.06584
scoring_system epss
scoring_elements 0.91181
published_at 2026-04-18T12:55:00Z
8
value 0.06584
scoring_system epss
scoring_elements 0.91157
published_at 2026-04-12T12:55:00Z
9
value 0.06584
scoring_system epss
scoring_elements 0.91156
published_at 2026-04-13T12:55:00Z
10
value 0.06702
scoring_system epss
scoring_elements 0.91273
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10735
8
reference_url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
9
reference_url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
10
reference_url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
11
reference_url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735
13
reference_url https://github.com/github/advisory-database/pull/3281
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/3281
14
reference_url https://github.com/twbs/bootstrap
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap
15
reference_url https://github.com/twbs/bootstrap/issues/20184
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/issues/20184
16
reference_url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
17
reference_url https://github.com/twbs/bootstrap/pull/23679
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/pull/23679
18
reference_url https://github.com/twbs/bootstrap/pull/23687
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/pull/23687
19
reference_url https://github.com/twbs/bootstrap/pull/26460
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/pull/26460
20
reference_url https://www.tenable.com/security/tns-2021-14
reference_id
reference_type
scores
url https://www.tenable.com/security/tns-2021-14
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1668097
reference_id 1668097
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1668097
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
reference_id cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10735
reference_id CVE-2016-10735
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10735
25
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2016-10735.yml
reference_id CVE-2016-10735.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2016-10735.yml
26
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2016-10735.yml
reference_id CVE-2016-10735.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2016-10735.yml
27
reference_url https://github.com/advisories/GHSA-4p24-vmcr-4gqj
reference_id GHSA-4p24-vmcr-4gqj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4p24-vmcr-4gqj
28
reference_url https://access.redhat.com/errata/RHSA-2020:3936
reference_id RHSA-2020:3936
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3936
29
reference_url https://access.redhat.com/errata/RHSA-2020:4670
reference_id RHSA-2020:4670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4670
30
reference_url https://access.redhat.com/errata/RHSA-2020:4847
reference_id RHSA-2020:4847
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4847
31
reference_url https://access.redhat.com/errata/RHSA-2020:5571
reference_id RHSA-2020:5571
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5571
32
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
33
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
34
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
35
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
fixed_packages
0
url pkg:maven/org.webjars/bootstrap@3.4.0
purl pkg:maven/org.webjars/bootstrap@3.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p87t-vvdx-b7dv
1
vulnerability VCID-yzg2-xekr-ykd9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.webjars/bootstrap@3.4.0
1
url pkg:maven/org.webjars/bootstrap@4.0.0-beta.2
purl pkg:maven/org.webjars/bootstrap@4.0.0-beta.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.webjars/bootstrap@4.0.0-beta.2
aliases CVE-2016-10735, GHSA-4p24-vmcr-4gqj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eh2s-9hss-yken
2
url VCID-hqne-7h6h-3ff8
vulnerability_id VCID-hqne-7h6h-3ff8
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the affix configuration target property.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:1076
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:1076
1
reference_url https://access.redhat.com/errata/RHBA-2019:1570
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:1570
2
reference_url https://access.redhat.com/errata/RHSA-2019:1456
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1456
3
reference_url https://access.redhat.com/errata/RHSA-2019:3023
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3023
4
reference_url https://access.redhat.com/errata/RHSA-2020:0132
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0132
5
reference_url https://access.redhat.com/errata/RHSA-2020:0133
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0133
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20677.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20677.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20677
reference_id
reference_type
scores
0
value 0.09999
scoring_system epss
scoring_elements 0.93053
published_at 2026-04-13T12:55:00Z
1
value 0.09999
scoring_system epss
scoring_elements 0.93051
published_at 2026-04-12T12:55:00Z
2
value 0.09999
scoring_system epss
scoring_elements 0.93066
published_at 2026-04-18T12:55:00Z
3
value 0.1017
scoring_system epss
scoring_elements 0.93129
published_at 2026-04-16T12:55:00Z
4
value 0.11866
scoring_system epss
scoring_elements 0.93717
published_at 2026-04-07T12:55:00Z
5
value 0.11866
scoring_system epss
scoring_elements 0.93732
published_at 2026-04-11T12:55:00Z
6
value 0.11866
scoring_system epss
scoring_elements 0.93728
published_at 2026-04-09T12:55:00Z
7
value 0.11866
scoring_system epss
scoring_elements 0.93726
published_at 2026-04-08T12:55:00Z
8
value 0.11866
scoring_system epss
scoring_elements 0.93704
published_at 2026-04-02T12:55:00Z
9
value 0.11866
scoring_system epss
scoring_elements 0.93714
published_at 2026-04-04T12:55:00Z
10
value 0.11866
scoring_system epss
scoring_elements 0.93695
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20677
8
reference_url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0
9
reference_url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
reference_id
reference_type
scores
url https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677
11
reference_url https://github.com/twbs/bootstrap
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap
12
reference_url https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
13
reference_url https://github.com/twbs/bootstrap/issues/27045
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/issues/27045
14
reference_url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
15
reference_url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
16
reference_url https://github.com/twbs/bootstrap/pull/27047
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/pull/27047
17
reference_url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
21
reference_url https://www.tenable.com/security/tns-2021-14
reference_id
reference_type
scores
url https://www.tenable.com/security/tns-2021-14
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1668089
reference_id 1668089
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1668089
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20677
reference_id CVE-2018-20677
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-20677
25
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-20677.yml
reference_id CVE-2018-20677.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-20677.yml
26
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml
reference_id CVE-2018-20677.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml
27
reference_url https://github.com/advisories/GHSA-ph58-4vrj-w6hr
reference_id GHSA-ph58-4vrj-w6hr
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ph58-4vrj-w6hr
28
reference_url https://access.redhat.com/errata/RHSA-2020:3936
reference_id RHSA-2020:3936
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3936
29
reference_url https://access.redhat.com/errata/RHSA-2020:4670
reference_id RHSA-2020:4670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4670
30
reference_url https://access.redhat.com/errata/RHSA-2020:5571
reference_id RHSA-2020:5571
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5571
31
reference_url https://access.redhat.com/errata/RHSA-2023:5693
reference_id RHSA-2023:5693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5693
fixed_packages
0
url pkg:maven/org.webjars/bootstrap@3.4.0
purl pkg:maven/org.webjars/bootstrap@3.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p87t-vvdx-b7dv
1
vulnerability VCID-yzg2-xekr-ykd9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.webjars/bootstrap@3.4.0
aliases CVE-2018-20677, GHSA-ph58-4vrj-w6hr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqne-7h6h-3ff8
3
url VCID-yzg2-xekr-ykd9
vulnerability_id VCID-yzg2-xekr-ykd9
summary 
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
## Withdrawn Advisory
This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE:

> This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.

## Original Description
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
references
0
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6484.yml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6484.yml
1
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2024-6484.yml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2024-6484.yml
2
reference_url https://github.com/twbs/bootstrap
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-6484
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-6484
4
reference_url https://www.herodevs.com/vulnerability-directory/cve-2024-6484
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.herodevs.com/vulnerability-directory/cve-2024-6484
5
reference_url https://github.com/advisories/GHSA-9mvj-f7w8-pvh2
reference_id GHSA-9mvj-f7w8-pvh2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9mvj-f7w8-pvh2
6
reference_url https://usn.ubuntu.com/7556-1/
reference_id USN-7556-1
reference_type
scores
url https://usn.ubuntu.com/7556-1/
fixed_packages
0
url pkg:maven/org.webjars/bootstrap@4.0.0-alpha
purl pkg:maven/org.webjars/bootstrap@4.0.0-alpha
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.webjars/bootstrap@4.0.0-alpha
aliases CVE-2024-6484, GHSA-9mvj-f7w8-pvh2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yzg2-xekr-ykd9
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.webjars/bootstrap@3.0.0-rc1