VYPR
Moderate severityOSV Advisory· Published Feb 20, 2019· Updated Aug 4, 2024

CVE-2019-8331

CVE-2019-8331

Description

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
bootstrapRubyGems
< 4.3.14.3.1
bootstrap-sassRubyGems
>= 3.0.0, < 3.4.13.4.1
Bootstrap.LessNuGet
>= 3.0.0, < 3.4.13.4.1
bootstrapNuGet
>= 4.0.0, < 4.3.14.3.1
bootstrapNuGet
>= 3.0.0, < 3.4.13.4.1
bootstrap.sassNuGet
< 4.3.14.3.1
bootstrapnpm
>= 4.0.0, < 4.3.14.3.1
bootstrapnpm
>= 3.0.0, < 3.4.13.4.1
bootstrap-sassnpm
>= 3.0.0, < 3.4.13.4.1
twitter-bootstrap-railsRubyGems
< 5.3.05.3.0
org.webjars:bootstrapMaven
>= 3.0.0, < 3.4.13.4.1
org.webjars:bootstrapMaven
>= 4.0.0, < 4.3.14.3.1
twbs/bootstrapPackagist
>= 3.0.0, < 3.4.13.4.1
twbs/bootstrapPackagist
>= 4.0.0, < 4.3.14.3.1

Affected products

19

Patches

Vulnerability mechanics

References

46

News mentions

0

No linked articles in our index yet.