CVE-2019-8331

CVE-2019-8331 affects Bootstrap: XSS in tooltip/popover data-template attribute observed in Bootstrap 3.4.1 and 4.3.x before 4.3.1. The underlying issue is an input that can inject script into a client browser when the vulnerable template is rendered. Affected versions include Bootstrap 3.x prior...

CVE-2018-14040

CVE-2018-14040 affects Bootstrap prior to 4.1.2, where an XSS vulnerability exists in the collapse data-parent attribute. The root cause is HTML/script-injection via the collapse component’s data-parent handling. The vulnerability impacts Bootstrap-based implementations using collapse and can lea...

CVE-2018-20676

CVE-2018-20676 affects Bootstrap 3.x up to 3.4.0, where XSS is possible via the tooltip data-viewport attribute due to unsafe handling of input. Affected component: tooltip data-viewport. Impact stated: cross-site scripting with potential partial integrity impact; no exploitation details provided...

CVE-2018-14042

CVE-2018-14042 refers to Bootstrap prior to 4.1.2 where the data-container property used by tooltips can trigger cross-site scripting (XSS). The vulnerability arises in the tooltip component’s handling of the data-container attribute, enabling injection of arbitrary HTML/JS when the affected Boot...

CVE-2018-20677

Bootstrap before 3.4.0 is vulnerable to cross-site scripting via the affix configuration target property due to improper handling of input in that attribute. The issue enables XSS in the affected component, and the condition is described as existing in Bootstrap 3.x prior to 3.4.0. Public referen...