Getbootstrap Bootstrap vulnerabilities

CVE-2019-8331 [MEDIUM] CWE-79 CVE-2019-8331: In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-tem In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

CVE-2018-20676 [MEDIUM] CWE-79 CVE-2018-20676: In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

CVE-2016-10735 [MEDIUM] CWE-79 CVE-2016-10735: In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target a In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

CVE-2018-20677 [MEDIUM] CWE-79 CVE-2018-20677: In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

CVE-2018-14042 [MEDIUM] CWE-79 CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

CVE-2018-14041 [MEDIUM] CWE-79 CVE-2018-14041: In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.

CVE-2018-14040 [MEDIUM] CWE-79 CVE-2018-14040: In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.