VulnerableCode Package Details - pkg:gem/twitter-bootstrap-rails@3.2.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-p87t-vvdx-b7dv Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip or popover data-template attribute.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-p87t-vvdx-b7dv
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip or popover data-template attribute.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
VCID-6kww-bg82-13f3	Reflective XSS Vulnerability The gem contains a flaw that enables a reflected cross-site scripting (XSS) attack. This flaw exists because the bootstrap_flash helper method does not validate input when handling flash messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.	CVE-2014-4920 GHSA-vpqv-mqvc-pcx2 OSV-109206

Vulnerability

Summary

Aliases

VCID-6kww-bg82-13f3

Reflective XSS Vulnerability The gem contains a flaw that enables a reflected cross-site scripting (XSS) attack. This flaw exists because the bootstrap_flash helper method does not validate input when handling flash messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

CVE-2014-4920
GHSA-vpqv-mqvc-pcx2
OSV-109206

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T20:52:35.847707+00:00	GitLab Importer	Affected by	VCID-p87t-vvdx-b7dv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/twitter-bootstrap-rails/CVE-2019-8331.yml	38.4.0
2026-04-11T22:03:24.832950+00:00	GitLab Importer	Affected by	VCID-p87t-vvdx-b7dv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/twitter-bootstrap-rails/CVE-2019-8331.yml	38.3.0
2026-04-02T22:16:26.113127+00:00	GitLab Importer	Affected by	VCID-p87t-vvdx-b7dv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/twitter-bootstrap-rails/CVE-2019-8331.yml	38.1.0
2026-04-02T16:59:08.364583+00:00	GHSA Importer	Fixing	VCID-6kww-bg82-13f3	https://github.com/advisories/GHSA-vpqv-mqvc-pcx2	38.1.0
2026-04-01T16:34:01.372177+00:00	GitLab Importer	Affected by	VCID-p87t-vvdx-b7dv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/twitter-bootstrap-rails/CVE-2019-8331.yml	38.0.0
2026-04-01T12:58:43.779627+00:00	GithubOSV Importer	Fixing	VCID-6kww-bg82-13f3	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-vpqv-mqvc-pcx2/GHSA-vpqv-mqvc-pcx2.json	38.0.0
2026-04-01T12:46:52.195957+00:00	GitLab Importer	Fixing	VCID-6kww-bg82-13f3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/twitter-bootstrap-rails/CVE-2014-4920.yml	38.0.0