VulnerableCode Package Details - pkg:nuget/bootstrap@3.3.6-jQuery3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:nuget/bootstrap@3.3.6-jQuery3

Essentials
History (6)

purl	pkg:nuget/bootstrap@3.3.6-jQuery3

Next non-vulnerable version	4.0.0-beta2
Latest non-vulnerable version	5.0.0
Risk	3.1

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-46nt-zqbd-7fe3 Aliases: CVE-2024-6484 GHSA-9mvj-f7w8-pvh2	Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability ## Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE: > This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded. ## Original Description A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	4.0.0-alpha Affected by 0 other vulnerabilities.
VCID-4wt8-wyvc-1uca Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip or popover data-template attribute.	3.4.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 4.3.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-dxpb-rn46-rbd8 Aliases: CVE-2018-20676 GHSA-3mgp-fx93-9xv5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip data-viewport attribute.	3.4.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hbhg-1exc-kbfy Aliases: CVE-2018-20677 GHSA-ph58-4vrj-w6hr	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the affix configuration target property.	3.4.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-r4qe-549h-nfh1 Aliases: CVE-2016-10735 GHSA-4p24-vmcr-4gqj	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.	3.4.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.0.0-beta.2 Affected by 0 other vulnerabilities. 4.0.0-beta2 Affected by 0 other vulnerabilities.
VCID-wezb-6dbp-nfer Aliases: CVE-2018-14040 GHSA-3wqf-4x89-9g79	Cross-site Scripting In Bootstrap, XSS is possible in the collapse data-parent attribute.	3.4.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.1.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T05:13:18.303217+00:00	GitLab Importer	Affected by	VCID-46nt-zqbd-7fe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2024-6484.yml	38.6.0
2026-06-06T01:46:29.528162+00:00	GitLab Importer	Affected by	VCID-wezb-6dbp-nfer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14040.yml	38.6.0
2026-06-04T20:19:41.470525+00:00	GitLab Importer	Affected by	VCID-4wt8-wyvc-1uca	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2019-8331.yml	38.6.0
2026-06-04T20:18:21.498832+00:00	GitLab Importer	Affected by	VCID-dxpb-rn46-rbd8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20676.yml	38.6.0
2026-06-04T20:18:21.050621+00:00	GitLab Importer	Affected by	VCID-r4qe-549h-nfh1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2016-10735.yml	38.6.0
2026-06-04T20:18:19.925840+00:00	GitLab Importer	Affected by	VCID-hbhg-1exc-kbfy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20677.yml	38.6.0