VulnerableCode Package Details - pkg:nuget/bootstrap@3.4.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-yzg2-xekr-ykd9 Aliases: CVE-2024-6484 GHSA-9mvj-f7w8-pvh2	Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability ## Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE: > This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded. ## Original Description A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	4.0.0-alpha Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-yzg2-xekr-ykd9
Aliases:
CVE-2024-6484
GHSA-9mvj-f7w8-pvh2

Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability ## Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE: > This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded. ## Original Description A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

4.0.0-alpha
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-br4c-7x9j-g3f6	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip data-viewport attribute.	CVE-2018-20676 GHSA-3mgp-fx93-9xv5
VCID-eh2s-9hss-yken	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.	CVE-2016-10735 GHSA-4p24-vmcr-4gqj
VCID-hbwg-ebvx-k7e1	Cross-site Scripting In Bootstrap, XSS is possible in the collapse data-parent attribute.	CVE-2018-14040 GHSA-3wqf-4x89-9g79
VCID-hqne-7h6h-3ff8	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the affix configuration target property.	CVE-2018-20677 GHSA-ph58-4vrj-w6hr
VCID-vfsr-kypp-wbea	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-container property of tooltip.	CVE-2018-14042 GHSA-7mvr-5x2g-wfc8

Vulnerability

Summary

Aliases

VCID-br4c-7x9j-g3f6

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the tooltip data-viewport attribute.

CVE-2018-20676
GHSA-3mgp-fx93-9xv5

VCID-eh2s-9hss-yken

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

CVE-2016-10735
GHSA-4p24-vmcr-4gqj

VCID-hbwg-ebvx-k7e1

Cross-site Scripting In Bootstrap, XSS is possible in the collapse data-parent attribute.

CVE-2018-14040
GHSA-3wqf-4x89-9g79

VCID-hqne-7h6h-3ff8

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the affix configuration target property.

CVE-2018-20677
GHSA-ph58-4vrj-w6hr

VCID-vfsr-kypp-wbea

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In Bootstrap, XSS is possible in the data-container property of tooltip.

CVE-2018-14042
GHSA-7mvr-5x2g-wfc8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:04:15.200390+00:00	GitLab Importer	Affected by	VCID-yzg2-xekr-ykd9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2024-6484.yml	38.4.0
2026-04-16T21:47:10.930258+00:00	GitLab Importer	Fixing	VCID-hbwg-ebvx-k7e1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14040.yml	38.4.0
2026-04-16T20:51:17.847509+00:00	GitLab Importer	Fixing	VCID-br4c-7x9j-g3f6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20676.yml	38.4.0
2026-04-16T20:51:17.437169+00:00	GitLab Importer	Fixing	VCID-eh2s-9hss-yken	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2016-10735.yml	38.4.0
2026-04-16T20:51:15.522583+00:00	GitLab Importer	Fixing	VCID-hqne-7h6h-3ff8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20677.yml	38.4.0
2026-04-16T20:47:33.699568+00:00	GitLab Importer	Fixing	VCID-vfsr-kypp-wbea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14042.yml	38.4.0
2026-04-12T00:22:08.762480+00:00	GitLab Importer	Affected by	VCID-yzg2-xekr-ykd9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2024-6484.yml	38.3.0
2026-04-11T23:03:00.270854+00:00	GitLab Importer	Fixing	VCID-hbwg-ebvx-k7e1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14040.yml	38.3.0
2026-04-11T22:02:00.384391+00:00	GitLab Importer	Fixing	VCID-br4c-7x9j-g3f6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20676.yml	38.3.0
2026-04-11T22:01:59.971200+00:00	GitLab Importer	Fixing	VCID-eh2s-9hss-yken	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2016-10735.yml	38.3.0
2026-04-11T22:01:58.974855+00:00	GitLab Importer	Fixing	VCID-hqne-7h6h-3ff8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20677.yml	38.3.0
2026-04-11T21:58:26.084153+00:00	GitLab Importer	Fixing	VCID-vfsr-kypp-wbea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14042.yml	38.3.0
2026-04-03T00:29:43.816066+00:00	GitLab Importer	Affected by	VCID-yzg2-xekr-ykd9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2024-6484.yml	38.1.0
2026-04-02T23:11:24.281562+00:00	GitLab Importer	Fixing	VCID-hbwg-ebvx-k7e1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14040.yml	38.1.0
2026-04-02T22:15:00.954918+00:00	GitLab Importer	Fixing	VCID-br4c-7x9j-g3f6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20676.yml	38.1.0
2026-04-02T22:15:00.566662+00:00	GitLab Importer	Fixing	VCID-eh2s-9hss-yken	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2016-10735.yml	38.1.0
2026-04-02T22:14:59.728386+00:00	GitLab Importer	Fixing	VCID-hqne-7h6h-3ff8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20677.yml	38.1.0
2026-04-02T22:11:45.502462+00:00	GitLab Importer	Fixing	VCID-vfsr-kypp-wbea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14042.yml	38.1.0
2026-04-01T16:00:56.946998+00:00	GHSA Importer	Fixing	VCID-hbwg-ebvx-k7e1	https://github.com/advisories/GHSA-3wqf-4x89-9g79	38.0.0
2026-04-01T15:57:14.959892+00:00	GHSA Importer	Fixing	VCID-hqne-7h6h-3ff8	https://github.com/advisories/GHSA-ph58-4vrj-w6hr	38.0.0
2026-04-01T15:57:14.790929+00:00	GHSA Importer	Fixing	VCID-br4c-7x9j-g3f6	https://github.com/advisories/GHSA-3mgp-fx93-9xv5	38.0.0
2026-04-01T15:57:14.198797+00:00	GHSA Importer	Fixing	VCID-eh2s-9hss-yken	https://github.com/advisories/GHSA-4p24-vmcr-4gqj	38.0.0
2026-04-01T15:56:39.876741+00:00	GHSA Importer	Fixing	VCID-vfsr-kypp-wbea	https://github.com/advisories/GHSA-7mvr-5x2g-wfc8	38.0.0
2026-04-01T13:10:29.852141+00:00	GithubOSV Importer	Fixing	VCID-hbwg-ebvx-k7e1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3wqf-4x89-9g79/GHSA-3wqf-4x89-9g79.json	38.0.0
2026-04-01T13:04:16.382268+00:00	GithubOSV Importer	Fixing	VCID-br4c-7x9j-g3f6	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-3mgp-fx93-9xv5/GHSA-3mgp-fx93-9xv5.json	38.0.0
2026-04-01T13:04:16.036767+00:00	GithubOSV Importer	Fixing	VCID-hqne-7h6h-3ff8	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-ph58-4vrj-w6hr/GHSA-ph58-4vrj-w6hr.json	38.0.0
2026-04-01T13:04:15.214220+00:00	GithubOSV Importer	Fixing	VCID-eh2s-9hss-yken	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-4p24-vmcr-4gqj/GHSA-4p24-vmcr-4gqj.json	38.0.0
2026-04-01T13:03:43.899564+00:00	GithubOSV Importer	Fixing	VCID-vfsr-kypp-wbea	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-7mvr-5x2g-wfc8/GHSA-7mvr-5x2g-wfc8.json	38.0.0
2026-04-01T12:50:05.718957+00:00	GitLab Importer	Fixing	VCID-hbwg-ebvx-k7e1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14040.yml	38.0.0
2026-04-01T12:48:15.227445+00:00	GitLab Importer	Fixing	VCID-br4c-7x9j-g3f6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20676.yml	38.0.0
2026-04-01T12:48:15.199537+00:00	GitLab Importer	Fixing	VCID-eh2s-9hss-yken	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2016-10735.yml	38.0.0
2026-04-01T12:48:15.078794+00:00	GitLab Importer	Fixing	VCID-hqne-7h6h-3ff8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20677.yml	38.0.0
2026-04-01T12:47:57.777198+00:00	GitLab Importer	Fixing	VCID-vfsr-kypp-wbea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14042.yml	38.0.0