VulnerableCode Package Details - pkg:npm/bootstrap-sass@2.3.2

Search for packages

Package details: pkg:npm/bootstrap-sass@2.3.2

Essentials
History (5)

purl	pkg:npm/bootstrap-sass@2.3.2

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	3.1

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-9gdn-vssr-m3d9 Aliases: CVE-2018-14042 GHSA-7mvr-5x2g-wfc8	Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.	3.4.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-d4k9-se4n-4fh9 Aliases: CVE-2024-6484 GHSA-9mvj-f7w8-pvh2	Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	There are no reported fixed by versions.
VCID-f43n-fgru-vqee Aliases: CVE-2018-20677 GHSA-ph58-4vrj-w6hr	bootstrap Cross-site Scripting vulnerability In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.	3.4.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gmca-n7as-2yap Aliases: CVE-2018-20676 GHSA-3mgp-fx93-9xv5	XSS vulnerability that affects bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.	3.4.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-w6v5-nfgx-rbbx Aliases: CVE-2016-10735 GHSA-4p24-vmcr-4gqj	Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.	3.4.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T19:09:20.084055+00:00	GitLab Importer	Affected by	VCID-d4k9-se4n-4fh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2024-6484.yml	37.0.0
2025-07-03T17:31:18.244085+00:00	GitLab Importer	Affected by	VCID-w6v5-nfgx-rbbx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2016-10735.yml	37.0.0
2025-07-03T17:31:15.666903+00:00	GitLab Importer	Affected by	VCID-gmca-n7as-2yap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2018-20676.yml	37.0.0
2025-07-03T17:31:15.129676+00:00	GitLab Importer	Affected by	VCID-f43n-fgru-vqee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2018-20677.yml	37.0.0
2025-07-03T17:28:56.453820+00:00	GitLab Importer	Affected by	VCID-9gdn-vssr-m3d9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2018-14042.yml	37.0.0