VulnerableCode Package Details - pkg:npm/bootstrap-sass@3.4.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-d4k9-se4n-4fh9 Aliases: CVE-2024-6484 GHSA-9mvj-f7w8-pvh2	Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-d4k9-se4n-4fh9
Aliases:
CVE-2024-6484
GHSA-9mvj-f7w8-pvh2

Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
VCID-3ygq-cbu4-23ad	Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.	CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g

Vulnerability

Summary

Aliases

VCID-3ygq-cbu4-23ad

Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.

CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T19:09:20.108714+00:00	GitLab Importer	Affected by	VCID-d4k9-se4n-4fh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2024-6484.yml	37.0.0
2025-07-03T17:32:48.328281+00:00	GitLab Importer	Fixing	VCID-3ygq-cbu4-23ad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2019-8331.yml	37.0.0
2025-07-01T18:11:30.026731+00:00	GitLab Importer	Fixing	VCID-3ygq-cbu4-23ad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2019-8331.yml	36.1.3
2025-07-01T14:29:40.458241+00:00	GHSA Importer	Fixing	VCID-3ygq-cbu4-23ad	https://github.com/advisories/GHSA-9v3m-8fp8-mj99	36.1.3
2025-07-01T12:21:58.822262+00:00	GithubOSV Importer	Fixing	VCID-3ygq-cbu4-23ad	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json	36.1.3