VulnerableCode Package Details - pkg:nuget/bootstrap@3.4.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-d4k9-se4n-4fh9 Aliases: CVE-2024-6484 GHSA-9mvj-f7w8-pvh2	Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	4.0.0-alpha Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-d4k9-se4n-4fh9
Aliases:
CVE-2024-6484
GHSA-9mvj-f7w8-pvh2

Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

4.0.0-alpha
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9gdn-vssr-m3d9	Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.	CVE-2018-14042 GHSA-7mvr-5x2g-wfc8
VCID-e8jt-6jum-n3az	Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute.	CVE-2018-14040 GHSA-3wqf-4x89-9g79
VCID-f43n-fgru-vqee	bootstrap Cross-site Scripting vulnerability In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.	CVE-2018-20677 GHSA-ph58-4vrj-w6hr
VCID-gmca-n7as-2yap	XSS vulnerability that affects bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.	CVE-2018-20676 GHSA-3mgp-fx93-9xv5
VCID-w6v5-nfgx-rbbx	Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.	CVE-2016-10735 GHSA-4p24-vmcr-4gqj

Vulnerability

Summary

Aliases

VCID-9gdn-vssr-m3d9

Bootstrap Cross-site Scripting vulnerability In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.

CVE-2018-14042
GHSA-7mvr-5x2g-wfc8

VCID-e8jt-6jum-n3az

Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute.

CVE-2018-14040
GHSA-3wqf-4x89-9g79

VCID-f43n-fgru-vqee

bootstrap Cross-site Scripting vulnerability In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

CVE-2018-20677
GHSA-ph58-4vrj-w6hr

VCID-gmca-n7as-2yap

XSS vulnerability that affects bootstrap In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

CVE-2018-20676
GHSA-3mgp-fx93-9xv5

VCID-w6v5-nfgx-rbbx

Bootstrap Cross-site Scripting vulnerability In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.

CVE-2016-10735
GHSA-4p24-vmcr-4gqj

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T19:09:21.928678+00:00	GitLab Importer	Affected by	VCID-d4k9-se4n-4fh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2024-6484.yml	37.0.0
2025-07-03T18:15:31.372628+00:00	GitLab Importer	Fixing	VCID-e8jt-6jum-n3az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14040.yml	37.0.0
2025-07-03T17:31:16.693601+00:00	GitLab Importer	Fixing	VCID-gmca-n7as-2yap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20676.yml	37.0.0
2025-07-03T17:31:16.320923+00:00	GitLab Importer	Fixing	VCID-w6v5-nfgx-rbbx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2016-10735.yml	37.0.0
2025-07-03T17:31:15.499618+00:00	GitLab Importer	Fixing	VCID-f43n-fgru-vqee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20677.yml	37.0.0
2025-07-03T17:28:57.273922+00:00	GitLab Importer	Fixing	VCID-9gdn-vssr-m3d9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14042.yml	37.0.0
2025-07-01T18:13:11.003164+00:00	GitLab Importer	Fixing	VCID-e8jt-6jum-n3az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14040.yml	36.1.3
2025-07-01T18:11:25.778391+00:00	GitLab Importer	Fixing	VCID-gmca-n7as-2yap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20676.yml	36.1.3
2025-07-01T18:11:25.746872+00:00	GitLab Importer	Fixing	VCID-w6v5-nfgx-rbbx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2016-10735.yml	36.1.3
2025-07-01T18:11:25.621254+00:00	GitLab Importer	Fixing	VCID-f43n-fgru-vqee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-20677.yml	36.1.3
2025-07-01T18:11:09.077078+00:00	GitLab Importer	Fixing	VCID-9gdn-vssr-m3d9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14042.yml	36.1.3
2025-07-01T14:32:03.744012+00:00	GHSA Importer	Fixing	VCID-e8jt-6jum-n3az	https://github.com/advisories/GHSA-3wqf-4x89-9g79	36.1.3
2025-07-01T14:29:36.534607+00:00	GHSA Importer	Fixing	VCID-f43n-fgru-vqee	https://github.com/advisories/GHSA-ph58-4vrj-w6hr	36.1.3
2025-07-01T14:29:36.398298+00:00	GHSA Importer	Fixing	VCID-gmca-n7as-2yap	https://github.com/advisories/GHSA-3mgp-fx93-9xv5	36.1.3
2025-07-01T14:29:35.940449+00:00	GHSA Importer	Fixing	VCID-w6v5-nfgx-rbbx	https://github.com/advisories/GHSA-4p24-vmcr-4gqj	36.1.3
2025-07-01T14:29:13.494103+00:00	GHSA Importer	Fixing	VCID-9gdn-vssr-m3d9	https://github.com/advisories/GHSA-7mvr-5x2g-wfc8	36.1.3
2025-07-01T12:29:04.847575+00:00	GithubOSV Importer	Fixing	VCID-e8jt-6jum-n3az	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3wqf-4x89-9g79/GHSA-3wqf-4x89-9g79.json	36.1.3
2025-07-01T12:21:49.817103+00:00	GithubOSV Importer	Fixing	VCID-gmca-n7as-2yap	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-3mgp-fx93-9xv5/GHSA-3mgp-fx93-9xv5.json	36.1.3
2025-07-01T12:21:49.410223+00:00	GithubOSV Importer	Fixing	VCID-f43n-fgru-vqee	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-ph58-4vrj-w6hr/GHSA-ph58-4vrj-w6hr.json	36.1.3
2025-07-01T12:21:48.452547+00:00	GithubOSV Importer	Fixing	VCID-w6v5-nfgx-rbbx	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-4p24-vmcr-4gqj/GHSA-4p24-vmcr-4gqj.json	36.1.3
2025-07-01T12:21:10.603619+00:00	GithubOSV Importer	Fixing	VCID-9gdn-vssr-m3d9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-7mvr-5x2g-wfc8/GHSA-7mvr-5x2g-wfc8.json	36.1.3