Search for packages
| purl | pkg:gem/bootstrap@4.3.0 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3ygq-cbu4-23ad
Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g |
Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later. |
Affected by 2 other vulnerabilities. |
|
VCID-d4k9-se4n-4fh9
Aliases: CVE-2024-6484 GHSA-9mvj-f7w8-pvh2 |
Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. | There are no reported fixed by versions. |
|
VCID-qceg-ajt8-jfct
Aliases: CVE-2024-6531 GHSA-vc8w-jr9v-vj7f |
Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T19:09:19.487890+00:00 | GitLab Importer | Affected by | VCID-qceg-ajt8-jfct | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap/CVE-2024-6531.yml | 37.0.0 |
| 2025-07-03T17:32:46.646351+00:00 | GitLab Importer | Affected by | VCID-3ygq-cbu4-23ad | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap/CVE-2019-8331.yml | 37.0.0 |
| 2025-07-03T14:33:13.566964+00:00 | Ruby Importer | Affected by | VCID-d4k9-se4n-4fh9 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6484.yml | 37.0.0 |
| 2025-07-03T14:33:13.352269+00:00 | Ruby Importer | Affected by | VCID-qceg-ajt8-jfct | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6531.yml | 37.0.0 |
| 2025-07-01T18:11:29.801857+00:00 | GitLab Importer | Affected by | VCID-3ygq-cbu4-23ad | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap/CVE-2019-8331.yml | 36.1.3 |