Search for packages
Package details: pkg:maven/org.webjars/bootstrap@3.2.0-1
purl pkg:maven/org.webjars/bootstrap@3.2.0-1
Next non-vulnerable version 4.0.0-alpha
Latest non-vulnerable version 5.0.0
Risk 3.1
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-3ygq-cbu4-23ad
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g
Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.
3.4.1
Affected by 1 other vulnerability.
4.3.1
Affected by 1 other vulnerability.
VCID-d4k9-se4n-4fh9
Aliases:
CVE-2024-6484
GHSA-9mvj-f7w8-pvh2
Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
4.0.0-alpha
Affected by 0 other vulnerabilities.
VCID-f43n-fgru-vqee
Aliases:
CVE-2018-20677
GHSA-ph58-4vrj-w6hr
bootstrap Cross-site Scripting vulnerability In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
3.4.0
Affected by 2 other vulnerabilities.
VCID-gmca-n7as-2yap
Aliases:
CVE-2018-20676
GHSA-3mgp-fx93-9xv5
XSS vulnerability that affects bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
3.4.0
Affected by 2 other vulnerabilities.
VCID-w6v5-nfgx-rbbx
Aliases:
CVE-2016-10735
GHSA-4p24-vmcr-4gqj
Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.
3.4.0
Affected by 2 other vulnerabilities.
4.0.0-beta.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T19:09:23.326385+00:00 GitLab Importer Affected by VCID-d4k9-se4n-4fh9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars/bootstrap/CVE-2024-6484.yml 37.0.0
2025-07-03T17:32:48.408145+00:00 GitLab Importer Affected by VCID-3ygq-cbu4-23ad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars/bootstrap/CVE-2019-8331.yml 37.0.0
2025-07-03T17:31:17.409503+00:00 GitLab Importer Affected by VCID-gmca-n7as-2yap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars/bootstrap/CVE-2018-20676.yml 37.0.0
2025-07-03T17:31:17.274865+00:00 GitLab Importer Affected by VCID-w6v5-nfgx-rbbx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars/bootstrap/CVE-2016-10735.yml 37.0.0
2025-07-03T17:31:15.040157+00:00 GitLab Importer Affected by VCID-f43n-fgru-vqee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars/bootstrap/CVE-2018-20677.yml 37.0.0