VYPR

Bootstrap

by Twbs

Source repositories

CVEs (6)

  • CVE-2024-6485MedJul 11, 2024
    risk 0.42cvss 6.4epss 0.00

    A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript…

  • CVE-2025-1647MedMay 15, 2025
    risk 0.36cvss 5.6epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0.

  • CVE-2019-8331MedFeb 20, 2019
    risk 0.34cvss 6.1epss 0.17

    In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

  • CVE-2018-20677MedJan 9, 2019
    risk 0.33cvss 6.1epss 0.04

    In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

  • CVE-2018-20676MedJan 9, 2019
    risk 0.33cvss 6.1epss 0.04

    In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

  • CVE-2016-10735MedJan 9, 2019
    risk 0.33cvss 6.1epss 0.04

    In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.