VulnerableCode Package Details - pkg:composer/twbs/bootstrap@3.4.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-3ygq-cbu4-23ad Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g	Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.	3.4.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 4.3.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-d4k9-se4n-4fh9 Aliases: CVE-2024-6484 GHSA-9mvj-f7w8-pvh2	Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	4.0.0-alpha Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3ygq-cbu4-23ad
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g

Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.

3.4.1
Affected by 1 other vulnerability.

4.3.1
Affected by 1 other vulnerability.

VCID-d4k9-se4n-4fh9
Aliases:
CVE-2024-6484
GHSA-9mvj-f7w8-pvh2

Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

4.0.0-alpha
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9gdn-vssr-m3d9	Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.	CVE-2018-14042 GHSA-7mvr-5x2g-wfc8
VCID-e8jt-6jum-n3az	Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute.	CVE-2018-14040 GHSA-3wqf-4x89-9g79
VCID-f43n-fgru-vqee	bootstrap Cross-site Scripting vulnerability In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.	CVE-2018-20677 GHSA-ph58-4vrj-w6hr
VCID-gmca-n7as-2yap	XSS vulnerability that affects bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.	CVE-2018-20676 GHSA-3mgp-fx93-9xv5
VCID-w6v5-nfgx-rbbx	Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.	CVE-2016-10735 GHSA-4p24-vmcr-4gqj

Vulnerability

Summary

Aliases

VCID-9gdn-vssr-m3d9

Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.

CVE-2018-14042
GHSA-7mvr-5x2g-wfc8

VCID-e8jt-6jum-n3az

Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute.

CVE-2018-14040
GHSA-3wqf-4x89-9g79

VCID-f43n-fgru-vqee

bootstrap Cross-site Scripting vulnerability In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

CVE-2018-20677
GHSA-ph58-4vrj-w6hr

VCID-gmca-n7as-2yap

XSS vulnerability that affects bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

CVE-2018-20676
GHSA-3mgp-fx93-9xv5

VCID-w6v5-nfgx-rbbx

Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.

CVE-2016-10735
GHSA-4p24-vmcr-4gqj

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T19:09:23.232367+00:00	GitLab Importer	Affected by	VCID-d4k9-se4n-4fh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2024-6484.yml	37.0.0
2025-07-03T18:16:47.676850+00:00	GitLab Importer	Fixing	VCID-e8jt-6jum-n3az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14040.yml	37.0.0
2025-07-03T17:32:47.758788+00:00	GitLab Importer	Affected by	VCID-3ygq-cbu4-23ad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2019-8331.yml	37.0.0
2025-07-03T17:31:18.504210+00:00	GitLab Importer	Fixing	VCID-w6v5-nfgx-rbbx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2016-10735.yml	37.0.0
2025-07-03T17:31:17.917814+00:00	GitLab Importer	Fixing	VCID-f43n-fgru-vqee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-20677.yml	37.0.0
2025-07-03T17:31:15.923723+00:00	GitLab Importer	Fixing	VCID-gmca-n7as-2yap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-20676.yml	37.0.0
2025-07-01T18:13:24.470428+00:00	GitLab Importer	Fixing	VCID-e8jt-6jum-n3az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14040.yml	36.1.3
2025-07-01T18:11:26.066936+00:00	GitLab Importer	Fixing	VCID-w6v5-nfgx-rbbx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2016-10735.yml	36.1.3
2025-07-01T18:11:25.973556+00:00	GitLab Importer	Fixing	VCID-f43n-fgru-vqee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-20677.yml	36.1.3
2025-07-01T18:11:25.681734+00:00	GitLab Importer	Fixing	VCID-gmca-n7as-2yap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-20676.yml	36.1.3
2025-07-01T18:11:08.747075+00:00	GitLab Importer	Fixing	VCID-9gdn-vssr-m3d9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2018-14042.yml	36.1.3
2025-07-01T14:32:03.982691+00:00	GHSA Importer	Fixing	VCID-e8jt-6jum-n3az	https://github.com/advisories/GHSA-3wqf-4x89-9g79	36.1.3
2025-07-01T14:29:36.636728+00:00	GHSA Importer	Fixing	VCID-f43n-fgru-vqee	https://github.com/advisories/GHSA-ph58-4vrj-w6hr	36.1.3
2025-07-01T14:29:36.462954+00:00	GHSA Importer	Fixing	VCID-gmca-n7as-2yap	https://github.com/advisories/GHSA-3mgp-fx93-9xv5	36.1.3
2025-07-01T14:29:36.032934+00:00	GHSA Importer	Fixing	VCID-w6v5-nfgx-rbbx	https://github.com/advisories/GHSA-4p24-vmcr-4gqj	36.1.3
2025-07-01T14:29:13.562064+00:00	GHSA Importer	Fixing	VCID-9gdn-vssr-m3d9	https://github.com/advisories/GHSA-7mvr-5x2g-wfc8	36.1.3
2025-07-01T12:29:05.199722+00:00	GithubOSV Importer	Fixing	VCID-e8jt-6jum-n3az	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3wqf-4x89-9g79/GHSA-3wqf-4x89-9g79.json	36.1.3
2025-07-01T12:21:49.590524+00:00	GithubOSV Importer	Fixing	VCID-gmca-n7as-2yap	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-3mgp-fx93-9xv5/GHSA-3mgp-fx93-9xv5.json	36.1.3
2025-07-01T12:21:49.174449+00:00	GithubOSV Importer	Fixing	VCID-f43n-fgru-vqee	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-ph58-4vrj-w6hr/GHSA-ph58-4vrj-w6hr.json	36.1.3
2025-07-01T12:21:48.336163+00:00	GithubOSV Importer	Fixing	VCID-w6v5-nfgx-rbbx	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-4p24-vmcr-4gqj/GHSA-4p24-vmcr-4gqj.json	36.1.3
2025-07-01T12:21:10.447082+00:00	GithubOSV Importer	Fixing	VCID-9gdn-vssr-m3d9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-7mvr-5x2g-wfc8/GHSA-7mvr-5x2g-wfc8.json	36.1.3