Search for packages
| purl | pkg:nuget/bootstrap@2.3.2 |
| Next non-vulnerable version | 4.0.0-alpha |
| Latest non-vulnerable version | 5.0.0 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-d4k9-se4n-4fh9
Aliases: CVE-2024-6484 GHSA-9mvj-f7w8-pvh2 |
Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. |
Affected by 0 other vulnerabilities. |
|
VCID-e8jt-6jum-n3az
Aliases: CVE-2018-14040 GHSA-3wqf-4x89-9g79 |
Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-f43n-fgru-vqee
Aliases: CVE-2018-20677 GHSA-ph58-4vrj-w6hr |
bootstrap Cross-site Scripting vulnerability In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. |
Affected by 1 other vulnerability. |
|
VCID-gmca-n7as-2yap
Aliases: CVE-2018-20676 GHSA-3mgp-fx93-9xv5 |
XSS vulnerability that affects bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. |
Affected by 1 other vulnerability. |
|
VCID-w6v5-nfgx-rbbx
Aliases: CVE-2016-10735 GHSA-4p24-vmcr-4gqj |
Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T19:09:21.890764+00:00 | GitLab Importer | Affected by | VCID-d4k9-se4n-4fh9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2024-6484.yml | 37.0.0 |
| 2025-07-03T18:15:31.341502+00:00 | GitLab Importer | Affected by | VCID-e8jt-6jum-n3az | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14040.yml | 37.0.0 |
| 2025-07-03T17:31:16.657840+00:00 | GitLab Importer | Affected by | VCID-gmca-n7as-2yap | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20676.yml | 37.0.0 |
| 2025-07-03T17:31:16.283489+00:00 | GitLab Importer | Affected by | VCID-w6v5-nfgx-rbbx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2016-10735.yml | 37.0.0 |
| 2025-07-03T17:31:15.459484+00:00 | GitLab Importer | Affected by | VCID-f43n-fgru-vqee | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20677.yml | 37.0.0 |