VulnerableCode Package Details - pkg:nuget/bootstrap.sass@4.0.0-beta2

Search for packages

Package details: pkg:nuget/bootstrap.sass@4.0.0-beta2

Essentials
History (2)

purl	pkg:nuget/bootstrap.sass@4.0.0-beta2

Next non-vulnerable version	5.0.0
Latest non-vulnerable version	5.0.0
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-3ygq-cbu4-23ad Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g	Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.	4.3.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-w6v5-nfgx-rbbx	Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.	CVE-2016-10735 GHSA-4p24-vmcr-4gqj

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T17:32:48.235633+00:00	GitLab Importer	Affected by	VCID-3ygq-cbu4-23ad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap.sass/CVE-2019-8331.yml	37.0.0
2025-07-03T17:31:17.192807+00:00	GitLab Importer	Fixing	VCID-w6v5-nfgx-rbbx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap.sass/CVE-2016-10735.yml	37.0.0