purl | pkg:deb/debian/twitter-bootstrap3@3.2.0%2Bdfsg-1 |
Next non-vulnerable version | 3.4.1+dfsg-6 |
Latest non-vulnerable version | 3.4.1+dfsg-6 |
Risk | 3.1 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-3ygq-cbu4-23ad Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g | Bootstrap Vulnerable to Cross-Site Scripting: Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow an attacker to execute arbitrary JavaScript. Recommendation: For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later. | Affected by 3 other vulnerabilities. |
VCID-87kn-rfhf-nbat Aliases: CVE-2024-6485 GHSA-vxmc-5x29-h64v | Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes: A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered. | Affected by 1 other vulnerability. |
VCID-9gdn-vssr-m3d9 Aliases: CVE-2018-14042 GHSA-7mvr-5x2g-wfc8 | Bootstrap Cross-site Scripting vulnerability: In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041. | Affected by 3 other vulnerabilities. |
VCID-d4k9-se4n-4fh9 Aliases: CVE-2024-6484 GHSA-9mvj-f7w8-pvh2 | Bootstrap Cross-Site Scripting (XSS) vulnerability: A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. | Affected by 1 other vulnerability. |
VCID-e8jt-6jum-n3az Aliases: CVE-2018-14040 GHSA-3wqf-4x89-9g79 | Bootstrap vulnerable to Cross-Site Scripting (XSS): In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute. | Affected by 3 other vulnerabilities. |
VCID-f43n-fgru-vqee Aliases: CVE-2018-20677 GHSA-ph58-4vrj-w6hr | bootstrap Cross-site Scripting vulnerability: In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. | Affected by 3 other vulnerabilities. |
VCID-gmca-n7as-2yap Aliases: CVE-2018-20676 GHSA-3mgp-fx93-9xv5 | XSS vulnerability that affects bootstrap: In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. | Affected by 3 other vulnerabilities. |
VCID-w6v5-nfgx-rbbx Aliases: CVE-2016-10735 GHSA-4p24-vmcr-4gqj | Bootstrap Cross-site Scripting vulnerability: In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info. | Affected by 3 other vulnerabilities. |
VCID-ys7x-k42v-s7f9 Aliases: CVE-2025-1647 | bootstrap: Bootstrap XSS Vulnerability | Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |