Search for packages
| purl | pkg:deb/debian/twitter-bootstrap3@3.2.0%2Bdfsg-1 |
| Next non-vulnerable version | 3.4.1+dfsg-6 |
| Latest non-vulnerable version | 3.4.1+dfsg-6 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5v1f-dupg-y7bc
Aliases: CVE-2024-6485 GHSA-vxmc-5x29-h64v |
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered. |
Affected by 1 other vulnerability. |
|
VCID-br4c-7x9j-g3f6
Aliases: CVE-2018-20676 GHSA-3mgp-fx93-9xv5 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip data-viewport attribute. |
Affected by 2 other vulnerabilities. |
|
VCID-eh2s-9hss-yken
Aliases: CVE-2016-10735 GHSA-4p24-vmcr-4gqj |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. |
Affected by 2 other vulnerabilities. |
|
VCID-hbwg-ebvx-k7e1
Aliases: CVE-2018-14040 GHSA-3wqf-4x89-9g79 |
Cross-site Scripting In Bootstrap, XSS is possible in the collapse data-parent attribute. |
Affected by 2 other vulnerabilities. |
|
VCID-hqne-7h6h-3ff8
Aliases: CVE-2018-20677 GHSA-ph58-4vrj-w6hr |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the affix configuration target property. |
Affected by 2 other vulnerabilities. |
|
VCID-m8sd-c588-mqbr
Aliases: CVE-2025-1647 GHSA-q58r-hwc8-rm9j |
Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap version 3.4.1. At time of publication, there is no publicly available patched version. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-p87t-vvdx-b7dv
Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip or popover data-template attribute. |
Affected by 2 other vulnerabilities. |
|
VCID-vfsr-kypp-wbea
Aliases: CVE-2018-14042 GHSA-7mvr-5x2g-wfc8 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-container property of tooltip. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||