Twbs Bootstrap vulnerabilities

9 known vulnerabilities affecting twbs/bootstrap.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 9

Vulnerabilities

CVE-2024-6531 | MEDIUM | ≥ 4.0.0, < 5.0.0 | 2024-07-11
CVE-2024-6531 [MEDIUM] CWE-79 Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
## Withdrawn Advisory
This advisory is withdrawn because it was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.
## Origi
Sources: ghsa

CVE-2024-6484 | MEDIUM | ≥ 2.0.0, ≤ 3.4.1 | 2024-07-11
CVE-2024-6484 [MEDIUM] CWE-79 Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
## Withdrawn Advisory
This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE:
> This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope
Sources: ghsa, osv

CVE-2018-14040 | MEDIUM | ≥ 2.3.0, < 3.4.0; ≥ 4.0.0, < 4.1.2 | 2022-05-13
CVE-2018-14040 [MEDIUM] CWE-79 Bootstrap vulnerable to Cross-Site Scripting (XSS)
In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute.
Sources: ghsa, osv

CVE-2019-8331 | MEDIUM | ≥ 3.0.0, < 3.4.1; ≥ 4.0.0, < 4.3.1 | 2019-02-22
CVE-2019-8331 [MEDIUM] CWE-79 Bootstrap Vulnerable to Cross-Site Scripting
Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow an attacker to execute arbitrary JavaScript.
## Recommendation
For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.
Sources: ghsa, osv

CVE-2018-20676 | MEDIUM | ≥ 0, < 3.4.0 | 2019-01-17
CVE-2018-20676 [MEDIUM] CWE-79 XSS vulnerability that affects bootstrap
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
Sources: ghsa, osv

CVE-2016-10735 | MEDIUM | CVSS 6.1 | ≥ 2.0.4, < 3.4.0; ≥ 4.0.0-beta, < 4.0.0-beta.2 | 2019-01-17
CVE-2016-10735 [MEDIUM] CWE-79 Bootstrap Cross-site Scripting vulnerability
In Bootstrap 2.x from 2.0.4, 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute. Note that this is a different vulnerability than CVE-2018-14041. See https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/ for more info.
Sources: ghsa, osv

CVE-2018-20677 | MEDIUM | ≥ 0, < 3.4.0 | 2019-01-17
CVE-2018-20677 [MEDIUM] CWE-79 bootstrap Cross-site Scripting vulnerability
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
Sources: ghsa, osv

CVE-2018-14042 | MEDIUM | CVSS 6.1 | ≥ 4.0.0, < 4.1.2; ≥ 2.3.0, < 3.4.0 | 2018-09-13
CVE-2018-14042 [MEDIUM] CWE-79 Bootstrap Cross-site Scripting vulnerability
In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.
Sources: ghsa, osv

CVE-2018-14041 | MEDIUM | CVSS 6.1 | ≥ 4.0.0, < 4.1.2 | 2018-09-13
CVE-2018-14041 [MEDIUM] CWE-79 Bootstrap Cross-site Scripting vulnerability
In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.
Sources: ghsa, osv