VulnerableCode Package Details - pkg:nuget/bootstrap@4.1.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-e8jt-6jum-n3az Aliases: CVE-2018-14040 GHSA-3wqf-4x89-9g79	Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute.	4.1.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-qceg-ajt8-jfct Aliases: CVE-2024-6531 GHSA-vc8w-jr9v-vj7f	Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	5.0.0 Affected by 0 other vulnerabilities.
VCID-u34g-yks8-hbay Aliases: CVE-2018-14041 GHSA-pj7m-g53m-7638	Bootstrap Cross-site Scripting vulnerability In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.	4.1.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-e8jt-6jum-n3az
Aliases:
CVE-2018-14040
GHSA-3wqf-4x89-9g79

Bootstrap vulnerable to Cross-Site Scripting (XSS) In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute.

4.1.2
Affected by 1 other vulnerability.

VCID-qceg-ajt8-jfct
Aliases:
CVE-2024-6531
GHSA-vc8w-jr9v-vj7f

Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

5.0.0
Affected by 0 other vulnerabilities.

VCID-u34g-yks8-hbay
Aliases:
CVE-2018-14041
GHSA-pj7m-g53m-7638

Bootstrap Cross-site Scripting vulnerability In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.

4.1.2
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T19:09:22.577165+00:00	GitLab Importer	Affected by	VCID-qceg-ajt8-jfct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2024-6531.yml	37.0.0
2025-07-03T18:15:31.398205+00:00	GitLab Importer	Affected by	VCID-e8jt-6jum-n3az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14040.yml	37.0.0
2025-07-03T17:28:56.016300+00:00	GitLab Importer	Affected by	VCID-u34g-yks8-hbay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/bootstrap/CVE-2018-14041.yml	37.0.0