Search for packages
| purl | pkg:nuget/Bootstrap.Less@2.3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3ygq-cbu4-23ad
Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g |
Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later. |
Affected by 0 other vulnerabilities. |
|
VCID-9gdn-vssr-m3d9
Aliases: CVE-2018-14042 GHSA-7mvr-5x2g-wfc8 |
Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041. | There are no reported fixed by versions. |
|
VCID-f43n-fgru-vqee
Aliases: CVE-2018-20677 GHSA-ph58-4vrj-w6hr |
bootstrap Cross-site Scripting vulnerability In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. |
Affected by 1 other vulnerability. |
|
VCID-gmca-n7as-2yap
Aliases: CVE-2018-20676 GHSA-3mgp-fx93-9xv5 |
XSS vulnerability that affects bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. |
Affected by 1 other vulnerability. |
|
VCID-u34g-yks8-hbay
Aliases: CVE-2018-14041 GHSA-pj7m-g53m-7638 |
Bootstrap Cross-site Scripting vulnerability In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||