VulnerableCode Package Details - pkg:composer/twbs/bootstrap@3.4.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-d4k9-se4n-4fh9 Aliases: CVE-2024-6484 GHSA-9mvj-f7w8-pvh2	Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	4.0.0-alpha Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-d4k9-se4n-4fh9
Aliases:
CVE-2024-6484
GHSA-9mvj-f7w8-pvh2

Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

4.0.0-alpha
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3ygq-cbu4-23ad	Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.	CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g

Vulnerability

Summary

Aliases

VCID-3ygq-cbu4-23ad

Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.

CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T19:09:23.234489+00:00	GitLab Importer	Affected by	VCID-d4k9-se4n-4fh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2024-6484.yml	37.0.0
2025-07-03T17:32:47.760416+00:00	GitLab Importer	Fixing	VCID-3ygq-cbu4-23ad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2019-8331.yml	37.0.0
2025-07-03T13:57:02.178251+00:00	GitLab Importer	Affected by	VCID-d4k9-se4n-4fh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2024-6484.yml	36.1.3
2025-07-01T18:11:29.967178+00:00	GitLab Importer	Fixing	VCID-3ygq-cbu4-23ad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/twbs/bootstrap/CVE-2019-8331.yml	36.1.3
2025-07-01T14:35:18.387239+00:00	GHSA Importer	Affected by	VCID-d4k9-se4n-4fh9	https://github.com/advisories/GHSA-9mvj-f7w8-pvh2	36.1.3
2025-07-01T14:29:40.610313+00:00	GHSA Importer	Fixing	VCID-3ygq-cbu4-23ad	https://github.com/advisories/GHSA-9v3m-8fp8-mj99	36.1.3
2025-07-01T12:21:59.247494+00:00	GithubOSV Importer	Fixing	VCID-3ygq-cbu4-23ad	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-9v3m-8fp8-mj99/GHSA-9v3m-8fp8-mj99.json	36.1.3