VulnerableCode Package Details - pkg:nuget/Bootstrap.Less@3.3.6-jQuery3

Search for packages

Vulnerability	Summary	Fixed by
VCID-4wt8-wyvc-1uca Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip or popover data-template attribute.	3.4.1 Affected by 0 other vulnerabilities.
VCID-7ch1-q9f4-a7bt Aliases: CVE-2018-14041 GHSA-pj7m-g53m-7638	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target property of scrollspy.	There are no reported fixed by versions.
VCID-dxpb-rn46-rbd8 Aliases: CVE-2018-20676 GHSA-3mgp-fx93-9xv5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip data-viewport attribute.	3.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-hbhg-1exc-kbfy Aliases: CVE-2018-20677 GHSA-ph58-4vrj-w6hr	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the affix configuration target property.	3.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-r4qe-549h-nfh1 Aliases: CVE-2016-10735 GHSA-4p24-vmcr-4gqj	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.	3.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-vsty-6vqf-pkeg Aliases: CVE-2018-14042 GHSA-7mvr-5x2g-wfc8	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-container property of tooltip.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-4wt8-wyvc-1uca
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip or popover data-template attribute.

3.4.1
Affected by 0 other vulnerabilities.

VCID-7ch1-q9f4-a7bt
Aliases:
CVE-2018-14041
GHSA-pj7m-g53m-7638

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target property of scrollspy.

There are no reported fixed by versions.

VCID-dxpb-rn46-rbd8
Aliases:
CVE-2018-20676
GHSA-3mgp-fx93-9xv5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip data-viewport attribute.

3.4.0
Affected by 1 other vulnerability.

VCID-hbhg-1exc-kbfy
Aliases:
CVE-2018-20677
GHSA-ph58-4vrj-w6hr

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the affix configuration target property.

3.4.0
Affected by 1 other vulnerability.

VCID-r4qe-549h-nfh1
Aliases:
CVE-2016-10735
GHSA-4p24-vmcr-4gqj

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

3.4.0
Affected by 1 other vulnerability.

VCID-vsty-6vqf-pkeg
Aliases:
CVE-2018-14042
GHSA-7mvr-5x2g-wfc8

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-container property of tooltip.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:19:36.830246+00:00	GitLab Importer	Affected by	VCID-4wt8-wyvc-1uca	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Bootstrap.Less/CVE-2019-8331.yml	38.6.0
2026-06-04T20:18:09.838700+00:00	GitLab Importer	Affected by	VCID-r4qe-549h-nfh1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Bootstrap.Less/CVE-2016-10735.yml	38.6.0
2026-06-04T20:18:07.796039+00:00	GitLab Importer	Affected by	VCID-hbhg-1exc-kbfy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Bootstrap.Less/CVE-2018-20677.yml	38.6.0
2026-06-04T20:18:07.318457+00:00	GitLab Importer	Affected by	VCID-dxpb-rn46-rbd8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Bootstrap.Less/CVE-2018-20676.yml	38.6.0
2026-06-04T20:13:52.516063+00:00	GitLab Importer	Affected by	VCID-7ch1-q9f4-a7bt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Bootstrap.Less/CVE-2018-14041.yml	38.6.0
2026-06-04T20:13:49.445075+00:00	GitLab Importer	Affected by	VCID-vsty-6vqf-pkeg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Bootstrap.Less/CVE-2018-14042.yml	38.6.0