VulnerableCode Package Details - pkg:nuget/Bootstrap.Less@3.3.6

Search for packages

Vulnerability	Summary	Fixed by
VCID-3ygq-cbu4-23ad Aliases: CVE-2019-8331 GHSA-9v3m-8fp8-mj99 GHSA-fxwm-579q-49qq GHSA-wh77-3x4m-4q9g	Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.	3.4.1 Affected by 0 other vulnerabilities.
VCID-9gdn-vssr-m3d9 Aliases: CVE-2018-14042 GHSA-7mvr-5x2g-wfc8	Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.	There are no reported fixed by versions.
VCID-f43n-fgru-vqee Aliases: CVE-2018-20677 GHSA-ph58-4vrj-w6hr	bootstrap Cross-site Scripting vulnerability In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.	3.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-gmca-n7as-2yap Aliases: CVE-2018-20676 GHSA-3mgp-fx93-9xv5	XSS vulnerability that affects bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.	3.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-u34g-yks8-hbay Aliases: CVE-2018-14041 GHSA-pj7m-g53m-7638	Bootstrap Cross-site Scripting vulnerability In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.	There are no reported fixed by versions.
VCID-w6v5-nfgx-rbbx Aliases: CVE-2016-10735 GHSA-4p24-vmcr-4gqj	Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.	3.4.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-3ygq-cbu4-23ad
Aliases:
CVE-2019-8331
GHSA-9v3m-8fp8-mj99
GHSA-fxwm-579q-49qq
GHSA-wh77-3x4m-4q9g

Bootstrap Vulnerable to Cross-Site Scripting Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.

3.4.1
Affected by 0 other vulnerabilities.

VCID-9gdn-vssr-m3d9
Aliases:
CVE-2018-14042
GHSA-7mvr-5x2g-wfc8

Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.

There are no reported fixed by versions.

VCID-f43n-fgru-vqee
Aliases:
CVE-2018-20677
GHSA-ph58-4vrj-w6hr

bootstrap Cross-site Scripting vulnerability In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

3.4.0
Affected by 1 other vulnerability.

VCID-gmca-n7as-2yap
Aliases:
CVE-2018-20676
GHSA-3mgp-fx93-9xv5

XSS vulnerability that affects bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

3.4.0
Affected by 1 other vulnerability.

VCID-u34g-yks8-hbay
Aliases:
CVE-2018-14041
GHSA-pj7m-g53m-7638

Bootstrap Cross-site Scripting vulnerability In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.

There are no reported fixed by versions.

VCID-w6v5-nfgx-rbbx
Aliases:
CVE-2016-10735
GHSA-4p24-vmcr-4gqj

Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.

3.4.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T17:32:46.611061+00:00	GitLab Importer	Affected by	VCID-3ygq-cbu4-23ad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Bootstrap.Less/CVE-2019-8331.yml	37.0.0
2025-07-03T17:31:10.223883+00:00	GitLab Importer	Affected by	VCID-w6v5-nfgx-rbbx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Bootstrap.Less/CVE-2016-10735.yml	37.0.0
2025-07-03T17:31:09.402498+00:00	GitLab Importer	Affected by	VCID-f43n-fgru-vqee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Bootstrap.Less/CVE-2018-20677.yml	37.0.0
2025-07-03T17:31:09.094528+00:00	GitLab Importer	Affected by	VCID-gmca-n7as-2yap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Bootstrap.Less/CVE-2018-20676.yml	37.0.0
2025-07-03T17:28:01.611040+00:00	GitLab Importer	Affected by	VCID-u34g-yks8-hbay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Bootstrap.Less/CVE-2018-14041.yml	37.0.0
2025-07-03T17:27:58.135465+00:00	GitLab Importer	Affected by	VCID-9gdn-vssr-m3d9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Bootstrap.Less/CVE-2018-14042.yml	37.0.0