VulnerableCode Package Details - pkg:maven/org.webjars/bootstrap@4.1.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-3ygq-cbu4-23ad Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g	Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.	4.3.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-qceg-ajt8-jfct Aliases: CVE-2024-6531 GHSA-vc8w-jr9v-vj7f	Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	5.0.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3ygq-cbu4-23ad
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g

Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.

4.3.1
Affected by 1 other vulnerability.

VCID-qceg-ajt8-jfct
Aliases:
CVE-2024-6531
GHSA-vc8w-jr9v-vj7f

Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

5.0.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9gdn-vssr-m3d9	Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.	CVE-2018-14042 GHSA-7mvr-5x2g-wfc8
VCID-e8jt-6jum-n3az	Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute.	CVE-2018-14040 GHSA-3wqf-4x89-9g79
VCID-u34g-yks8-hbay	Bootstrap Cross-site Scripting vulnerability In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.	CVE-2018-14041 GHSA-pj7m-g53m-7638

Vulnerability

Summary

Aliases

VCID-9gdn-vssr-m3d9

Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.

CVE-2018-14042
GHSA-7mvr-5x2g-wfc8

VCID-e8jt-6jum-n3az

Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute.

CVE-2018-14040
GHSA-3wqf-4x89-9g79

VCID-u34g-yks8-hbay

Bootstrap Cross-site Scripting vulnerability In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.

CVE-2018-14041
GHSA-pj7m-g53m-7638

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T19:09:20.153504+00:00	GitLab Importer	Affected by	VCID-qceg-ajt8-jfct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars/bootstrap/CVE-2024-6531.yml	37.0.0
2025-07-03T18:16:11.577878+00:00	GitLab Importer	Fixing	VCID-e8jt-6jum-n3az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars/bootstrap/CVE-2018-14040.yml	37.0.0
2025-07-03T17:32:48.485879+00:00	GitLab Importer	Affected by	VCID-3ygq-cbu4-23ad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars/bootstrap/CVE-2019-8331.yml	37.0.0
2025-07-03T17:28:56.219397+00:00	GitLab Importer	Fixing	VCID-9gdn-vssr-m3d9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars/bootstrap/CVE-2018-14042.yml	37.0.0
2025-07-03T17:28:53.966513+00:00	GitLab Importer	Fixing	VCID-u34g-yks8-hbay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars/bootstrap/CVE-2018-14041.yml	37.0.0
2025-07-01T18:13:17.942511+00:00	GitLab Importer	Fixing	VCID-e8jt-6jum-n3az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars/bootstrap/CVE-2018-14040.yml	36.1.3
2025-07-01T18:11:08.876205+00:00	GitLab Importer	Fixing	VCID-9gdn-vssr-m3d9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars/bootstrap/CVE-2018-14042.yml	36.1.3
2025-07-01T18:11:08.504111+00:00	GitLab Importer	Fixing	VCID-u34g-yks8-hbay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars/bootstrap/CVE-2018-14041.yml	36.1.3
2025-07-01T14:32:03.781166+00:00	GHSA Importer	Fixing	VCID-e8jt-6jum-n3az	https://github.com/advisories/GHSA-3wqf-4x89-9g79	36.1.3
2025-07-01T14:29:13.595125+00:00	GHSA Importer	Fixing	VCID-9gdn-vssr-m3d9	https://github.com/advisories/GHSA-7mvr-5x2g-wfc8	36.1.3
2025-07-01T14:29:13.105555+00:00	GHSA Importer	Fixing	VCID-u34g-yks8-hbay	https://github.com/advisories/GHSA-pj7m-g53m-7638	36.1.3
2025-07-01T12:29:04.670576+00:00	GithubOSV Importer	Fixing	VCID-e8jt-6jum-n3az	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3wqf-4x89-9g79/GHSA-3wqf-4x89-9g79.json	36.1.3
2025-07-01T12:21:11.824291+00:00	GithubOSV Importer	Fixing	VCID-u34g-yks8-hbay	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-pj7m-g53m-7638/GHSA-pj7m-g53m-7638.json	36.1.3
2025-07-01T12:21:10.214596+00:00	GithubOSV Importer	Fixing	VCID-9gdn-vssr-m3d9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-7mvr-5x2g-wfc8/GHSA-7mvr-5x2g-wfc8.json	36.1.3