Versions of bootstrap prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript.

Recommendation

For bootstrap 4.x upgrade to 4.3.1 or later.
For bootstrap 3.x upgrade to 3.4.1 or later.

References

Bootstrap release
MITRE CVE report
GitHub Advisory

CPENameOperatorVersion
bootstraplt3.4.1 || >=4.0.0 <4.3.1

CPE	Name	Operator	Version
	bootstrap	lt	3.4.1 \|\| >=4.0.0 <4.3.1

typo3 1

cve 2

f5 1

github 3

gitlab 1

redhat 15

githubexploit 1

redhatcve 1

prion 2

ibm 19

veracode 1

osv 5

debiancve 1

ubuntucve 1

hackerone 2

nessus 30

freebsd 1

laminas 1

openvas 1

jvn 1

ics 1

oraclelinux 3

centos 1

almalinux 2

rocky 2

amazon 1

oracle 1

typo3

Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0

2019-05-07 00:00:00

cve

CVE-2019-8331

2019-02-20 16:29:00

CVE-2023-32711

2023-06-01 17:15:10

K24383845 : Bootstrap vulnerability CVE-2019-8331

2019-04-10 00:00:00

github

Bootstrap Vulnerable to Cross-Site Scripting

2019-02-22 20:54:47

Moderate severity vulnerability that affects Bootstrap.Less, bootstrap, and bootstrap.sass

2019-02-22 20:54:40

Moderate severity vulnerability that affects bootstrap and bootstrap-sass

2019-02-22 20:54:27

gitlab

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

2019-02-20 00:00:00

redhat

(RHSA-2022:8865) Moderate: Red Hat OpenStack 16.1.9 (python-XStatic-Bootstrap-SCSS) security update

2022-12-07 20:09:53

(RHSA-2022:8848) Moderate: Red Hat OpenStack 16.2.4 (python-XStatic-Bootstrap-SCSS) security update

2022-12-07 19:00:35

(RHSA-2019:3024) Moderate: ovirt-web-ui security and bug fix update

2019-10-10 14:49:46

githubexploit

Exploit for Cross-site Scripting in Getbootstrap Bootstrap

2020-12-01 09:18:58

redhatcve

CVE-2019-8331

2020-01-04 09:44:24

prion

Design/Logic Flaw

2019-02-20 16:29:00

Cross site scripting

2023-06-01 17:15:00

ibm

Security Bulletin: IBM API Connect Developer Portal is affected by a cross site scripting vulnerability in Bootstrap (CVE-2019-8331)

2019-04-04 14:55:02

Security Bulletin: IBM Security Information Queue uses components with known vulnerabilities (CVE-2019-8331, CVE-2019-11358)

2020-04-07 16:23:23

Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation

2022-03-02 16:40:15

veracode

Cross-site Scripting (XSS)

2019-02-14 08:50:01

osv

Bootstrap Vulnerable to Cross-Site Scripting

2019-02-22 20:54:47

CVE-2019-8331

2019-02-20 16:29:00

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-03 12:25:36

debiancve

CVE-2019-8331

2019-02-20 16:29:00

ubuntucve

CVE-2019-8331

2019-02-20 00:00:00

hackerone

Sifchain: Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation

2021-06-05 15:52:39

Sifchain: Vulnerable javascript dependency at Main domain

2021-05-07 20:48:11

nessus

RHEL 8 : Red Hat OpenStack 16.2.4 (python-XStatic-Bootstrap-SCSS) (RHSA-2022:8848)

2023-01-23 00:00:00

F5 Networks BIG-IP : Bootstrap vulnerability (K24383845)

2019-12-31 00:00:00

Splunk Enterprise 8.1.0 < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0605)

2023-06-01 00:00:00

freebsd

mantis -- multiple vulnerabilities

2019-08-28 00:00:00

laminas

XSS vectors in laminas-api-tools/api-tools

2020-04-01 21:30:00

openvas

Pi-hole Web Interface < 5.0 Multiple Vulnerabilities

2020-05-12 00:00:00

jvn

JVN#06527859: KinagaCMS vulnerable to cross-site scripting

2019-03-15 00:00:00

ics

Mitsubishi Electric EcoWebServerIII

2022-02-24 12:00:00

oraclelinux

idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-10 00:00:00

ipa security, bug fix, and enhancement update

2020-10-06 00:00:00

pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2020-11-10 00:00:00

centos

ipa, python2 security update

2020-10-20 18:15:27

almalinux

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-03 12:25:36

Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2020-11-03 12:29:58

rocky

idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-03 12:25:36

pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2020-11-03 12:29:58

amazon

Medium: ipa

2020-10-22 17:40:00

oracle

Oracle Critical Patch Update Advisory - April 2021

2021-04-20 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for NODEJS:891