Search for packages
Package details: pkg:maven/org.webjars.npm/bootstrap@4.0.0
purl pkg:maven/org.webjars.npm/bootstrap@4.0.0
Next non-vulnerable version 5.0.0
Latest non-vulnerable version 5.0.0
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-qceg-ajt8-jfct
Aliases:
CVE-2024-6531
GHSA-vc8w-jr9v-vj7f
Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
5.0.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T19:09:22.930804+00:00 GitLab Importer Affected by VCID-qceg-ajt8-jfct https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars.npm/bootstrap/CVE-2024-6531.yml 37.0.0
2025-07-03T13:57:02.151018+00:00 GitLab Importer Affected by VCID-qceg-ajt8-jfct https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars.npm/bootstrap/CVE-2024-6531.yml 36.1.3
2025-07-01T14:35:18.406484+00:00 GHSA Importer Affected by VCID-qceg-ajt8-jfct https://github.com/advisories/GHSA-vc8w-jr9v-vj7f 36.1.3