VulnerableCode Package Details - pkg:npm/bootstrap-sass@3.4.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-3ygq-cbu4-23ad Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g	Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.	3.4.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-d4k9-se4n-4fh9 Aliases: CVE-2024-6484 GHSA-9mvj-f7w8-pvh2	Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-3ygq-cbu4-23ad
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g

Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.

3.4.1
Affected by 1 other vulnerability.

VCID-d4k9-se4n-4fh9
Aliases:
CVE-2024-6484
GHSA-9mvj-f7w8-pvh2

Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
VCID-9gdn-vssr-m3d9	Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.	CVE-2018-14042 GHSA-7mvr-5x2g-wfc8
VCID-f43n-fgru-vqee	bootstrap Cross-site Scripting vulnerability In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.	CVE-2018-20677 GHSA-ph58-4vrj-w6hr
VCID-gmca-n7as-2yap	XSS vulnerability that affects bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.	CVE-2018-20676 GHSA-3mgp-fx93-9xv5
VCID-w6v5-nfgx-rbbx	Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.	CVE-2016-10735 GHSA-4p24-vmcr-4gqj

Vulnerability

Summary

Aliases

VCID-9gdn-vssr-m3d9

Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.

CVE-2018-14042
GHSA-7mvr-5x2g-wfc8

VCID-f43n-fgru-vqee

bootstrap Cross-site Scripting vulnerability In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

CVE-2018-20677
GHSA-ph58-4vrj-w6hr

VCID-gmca-n7as-2yap

XSS vulnerability that affects bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

CVE-2018-20676
GHSA-3mgp-fx93-9xv5

VCID-w6v5-nfgx-rbbx

Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.

CVE-2016-10735
GHSA-4p24-vmcr-4gqj

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T19:09:20.106586+00:00	GitLab Importer	Affected by	VCID-d4k9-se4n-4fh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2024-6484.yml	37.0.0
2025-07-03T17:32:48.326650+00:00	GitLab Importer	Affected by	VCID-3ygq-cbu4-23ad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2019-8331.yml	37.0.0
2025-07-03T17:31:18.266539+00:00	GitLab Importer	Fixing	VCID-w6v5-nfgx-rbbx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2016-10735.yml	37.0.0
2025-07-03T17:31:15.687527+00:00	GitLab Importer	Fixing	VCID-gmca-n7as-2yap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2018-20676.yml	37.0.0
2025-07-03T17:31:15.148587+00:00	GitLab Importer	Fixing	VCID-f43n-fgru-vqee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2018-20677.yml	37.0.0
2025-07-01T18:11:26.028480+00:00	GitLab Importer	Fixing	VCID-w6v5-nfgx-rbbx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2016-10735.yml	36.1.3
2025-07-01T18:11:25.650973+00:00	GitLab Importer	Fixing	VCID-gmca-n7as-2yap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2018-20676.yml	36.1.3
2025-07-01T18:11:25.589830+00:00	GitLab Importer	Fixing	VCID-f43n-fgru-vqee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2018-20677.yml	36.1.3
2025-07-01T18:11:08.933471+00:00	GitLab Importer	Fixing	VCID-9gdn-vssr-m3d9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2018-14042.yml	36.1.3
2025-07-01T14:29:36.598015+00:00	GHSA Importer	Fixing	VCID-f43n-fgru-vqee	https://github.com/advisories/GHSA-ph58-4vrj-w6hr	36.1.3
2025-07-01T14:29:36.298058+00:00	GHSA Importer	Fixing	VCID-gmca-n7as-2yap	https://github.com/advisories/GHSA-3mgp-fx93-9xv5	36.1.3
2025-07-01T14:29:35.876583+00:00	GHSA Importer	Fixing	VCID-w6v5-nfgx-rbbx	https://github.com/advisories/GHSA-4p24-vmcr-4gqj	36.1.3
2025-07-01T14:29:13.661792+00:00	GHSA Importer	Fixing	VCID-9gdn-vssr-m3d9	https://github.com/advisories/GHSA-7mvr-5x2g-wfc8	36.1.3
2025-07-01T12:21:49.533869+00:00	GithubOSV Importer	Fixing	VCID-gmca-n7as-2yap	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-3mgp-fx93-9xv5/GHSA-3mgp-fx93-9xv5.json	36.1.3
2025-07-01T12:21:49.115140+00:00	GithubOSV Importer	Fixing	VCID-f43n-fgru-vqee	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-ph58-4vrj-w6hr/GHSA-ph58-4vrj-w6hr.json	36.1.3
2025-07-01T12:21:48.572210+00:00	GithubOSV Importer	Fixing	VCID-w6v5-nfgx-rbbx	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-4p24-vmcr-4gqj/GHSA-4p24-vmcr-4gqj.json	36.1.3
2025-07-01T12:21:10.758431+00:00	GithubOSV Importer	Fixing	VCID-9gdn-vssr-m3d9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-7mvr-5x2g-wfc8/GHSA-7mvr-5x2g-wfc8.json	36.1.3