Search CVE reports

Toggle filters

1 – 6 of 6 results

CVE-2024-6531

Medium priority
Fixed

Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security...

2 affected packages

twitter-bootstrap3, twitter-bootstrap4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
twitter-bootstrap3 Not affected Not affected Not affected Not affected
twitter-bootstrap4 Fixed Fixed Fixed
Show less packages

CVE-2024-6484

Medium priority
Fixed

Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security...

2 affected packages

twitter-bootstrap3, twitter-bootstrap4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
twitter-bootstrap3 Fixed Fixed Fixed Fixed
twitter-bootstrap4 Not affected Not affected Not affected
Show less packages

CVE-2019-8331

Medium priority
Vulnerable

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

3 affected packages

twitter-bootstrap, twitter-bootstrap3, twitter-bootstrap4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
twitter-bootstrap Not in release Not in release Not in release Needs evaluation
twitter-bootstrap3 Not affected Not affected Not affected Vulnerable
twitter-bootstrap4 Not affected Not affected Not affected Not in release
Show less packages

CVE-2018-20677

Low priority
Vulnerable

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

3 affected packages

twitter-bootstrap, twitter-bootstrap3, twitter-bootstrap4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
twitter-bootstrap Not in release Not in release Not in release Needs evaluation
twitter-bootstrap3 Not affected Not affected Not affected Vulnerable
twitter-bootstrap4 Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2018-20676

Low priority
Vulnerable

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

3 affected packages

twitter-bootstrap, twitter-bootstrap4, twitter-bootstrap3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
twitter-bootstrap Not in release Not in release Not in release Needs evaluation
twitter-bootstrap4 Needs evaluation Needs evaluation Needs evaluation Not in release
twitter-bootstrap3 Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2016-10735

Low priority

Some fixes available 13 of 16

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

3 affected packages

twitter-bootstrap, twitter-bootstrap3, twitter-bootstrap4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
twitter-bootstrap Not in release Not in release Not in release Not affected
twitter-bootstrap3 Fixed Fixed Fixed Vulnerable
twitter-bootstrap4 Not affected Not affected Not affected Not in release
Show less packages