VulnerableCode Package Details - pkg:composer/twbs/bootstrap@4.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-3gg5-1921-rbfs Aliases: CVE-2018-14041 GHSA-pj7m-g53m-7638	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target property of scrollspy.	4.1.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hbwg-ebvx-k7e1 Aliases: CVE-2018-14040 GHSA-3wqf-4x89-9g79	Cross-site Scripting In Bootstrap, XSS is possible in the collapse data-parent attribute.	4.1.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-p87t-vvdx-b7dv Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip or popover data-template attribute.	4.3.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-qnq4-m5wm-qbhm Aliases: CVE-2024-6531 GHSA-vc8w-jr9v-vj7f	Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability ## Withdrawn Advisory This advisory is withdrawn because it was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded. ## Original Descripton A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	5.0.0-alpha1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.0.0 Affected by 0 other vulnerabilities.
VCID-vfsr-kypp-wbea Aliases: CVE-2018-14042 GHSA-7mvr-5x2g-wfc8	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-container property of tooltip.	4.1.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-3gg5-1921-rbfs
Aliases:
CVE-2018-14041
GHSA-pj7m-g53m-7638

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target property of scrollspy.

4.1.2
Affected by 2 other vulnerabilities.

VCID-hbwg-ebvx-k7e1
Aliases:
CVE-2018-14040
GHSA-3wqf-4x89-9g79

Cross-site Scripting In Bootstrap, XSS is possible in the collapse data-parent attribute.

4.1.2
Affected by 2 other vulnerabilities.

VCID-p87t-vvdx-b7dv
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip or popover data-template attribute.

4.3.1
Affected by 1 other vulnerability.

VCID-qnq4-m5wm-qbhm
Aliases:
CVE-2024-6531
GHSA-vc8w-jr9v-vj7f

Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability ## Withdrawn Advisory This advisory is withdrawn because it was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded. ## Original Descripton A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

5.0.0-alpha1
Affected by 1 other vulnerability.

5.0.0
Affected by 0 other vulnerabilities.

VCID-vfsr-kypp-wbea
Aliases:
CVE-2018-14042
GHSA-7mvr-5x2g-wfc8

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-container property of tooltip.

4.1.2
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:04:12.497222+00:00	GitLab Importer	Affected by	VCID-qnq4-m5wm-qbhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2024-6531.yml	38.4.0
2026-04-16T21:49:23.448609+00:00	GitLab Importer	Affected by	VCID-hbwg-ebvx-k7e1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14040.yml	38.4.0
2026-04-16T20:52:33.838723+00:00	GitLab Importer	Affected by	VCID-p87t-vvdx-b7dv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2019-8331.yml	38.4.0
2026-04-16T20:47:31.485977+00:00	GitLab Importer	Affected by	VCID-vfsr-kypp-wbea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14042.yml	38.4.0
2026-04-16T20:47:30.212730+00:00	GitLab Importer	Affected by	VCID-3gg5-1921-rbfs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14041.yml	38.4.0
2026-04-16T03:09:00.079677+00:00	GHSA Importer	Affected by	VCID-qnq4-m5wm-qbhm	https://github.com/advisories/GHSA-vc8w-jr9v-vj7f	38.4.0
2026-04-12T00:22:05.746630+00:00	GitLab Importer	Affected by	VCID-qnq4-m5wm-qbhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2024-6531.yml	38.3.0
2026-04-11T23:05:23.455981+00:00	GitLab Importer	Affected by	VCID-hbwg-ebvx-k7e1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14040.yml	38.3.0
2026-04-11T22:03:23.436989+00:00	GitLab Importer	Affected by	VCID-p87t-vvdx-b7dv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2019-8331.yml	38.3.0
2026-04-11T21:58:23.888357+00:00	GitLab Importer	Affected by	VCID-vfsr-kypp-wbea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14042.yml	38.3.0
2026-04-11T21:58:22.546244+00:00	GitLab Importer	Affected by	VCID-3gg5-1921-rbfs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14041.yml	38.3.0
2026-04-11T14:37:41.362956+00:00	GHSA Importer	Affected by	VCID-qnq4-m5wm-qbhm	https://github.com/advisories/GHSA-vc8w-jr9v-vj7f	38.3.0
2026-04-03T00:29:40.940712+00:00	GitLab Importer	Affected by	VCID-qnq4-m5wm-qbhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2024-6531.yml	38.1.0
2026-04-02T23:13:38.357674+00:00	GitLab Importer	Affected by	VCID-hbwg-ebvx-k7e1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14040.yml	38.1.0
2026-04-02T22:16:24.637883+00:00	GitLab Importer	Affected by	VCID-p87t-vvdx-b7dv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2019-8331.yml	38.1.0
2026-04-02T22:11:43.458201+00:00	GitLab Importer	Affected by	VCID-vfsr-kypp-wbea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14042.yml	38.1.0
2026-04-02T22:11:42.224317+00:00	GitLab Importer	Affected by	VCID-3gg5-1921-rbfs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14041.yml	38.1.0
2026-04-02T15:18:19.100183+00:00	GHSA Importer	Affected by	VCID-qnq4-m5wm-qbhm	https://github.com/advisories/GHSA-vc8w-jr9v-vj7f	38.1.0
2026-04-01T17:33:38.237844+00:00	GitLab Importer	Affected by	VCID-hbwg-ebvx-k7e1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14040.yml	38.0.0
2026-04-01T16:33:59.728377+00:00	GitLab Importer	Affected by	VCID-p87t-vvdx-b7dv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2019-8331.yml	38.0.0
2026-04-01T16:29:05.382805+00:00	GitLab Importer	Affected by	VCID-vfsr-kypp-wbea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14042.yml	38.0.0
2026-04-01T16:29:04.113837+00:00	GitLab Importer	Affected by	VCID-3gg5-1921-rbfs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14041.yml	38.0.0