Search for packages
| purl | pkg:gem/bootstrap-sass@3.5 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9gdn-vssr-m3d9
Aliases: CVE-2018-14042 GHSA-7mvr-5x2g-wfc8 |
Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041. | There are no reported fixed by versions. |
|
VCID-e8jt-6jum-n3az
Aliases: CVE-2018-14040 GHSA-3wqf-4x89-9g79 |
Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-01T16:58:20.781557+00:00 | Ruby Importer | Affected by | VCID-e8jt-6jum-n3az | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14040.yml | 36.1.3 |
| 2025-07-01T16:58:20.758165+00:00 | Ruby Importer | Affected by | VCID-9gdn-vssr-m3d9 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-14042.yml | 36.1.3 |