USN-7556-1: Bootstrap vulnerabilities

🗓️ 05 Jun 2025 04:47:40Reported by UbuntuType

ubuntu

ubuntu🔗 ubuntu.com👁 3 Views

Bootstrap had input sanitization flaws in carousel and button plugins, allowing XSS attacks.

Reporter	Title	Published	Views	Family All 98
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities	16 Apr 202514:34	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Bootstrap (CVE-2024-6531) affects Power HMC.	24 Mar 202509:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (February 2025)	15 Apr 202503:52	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Bootstrap affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.	14 May 202519:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	19 Dec 202416:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	30 Jan 202617:20	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Fasterxml Jackson,FasterXML Jackson Core,Bouncy Castle Java, Netty,Hibernate Validator,JCraft JSch,Apache Tomcat,Bootstrap might affect IBM Storage Defender Copy Data Management	12 Dec 202515:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to bootstrap-4.6.2 CVE-2024-6531	13 Feb 202509:35	–	ibm
IBM Security Bulletins	Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in data-target Attribute Handling in Bootstrap, affects watsonx.data	7 Apr 202611:00	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	20.04	any	fonts-glyphicons-halflings	1.009~3.4.1+dfsg-1ubuntu0.1~esm1	fonts-glyphicons-halflings_1.009~3.4.1+dfsg-1ubuntu0.1~esm1_any.deb
Ubuntu	22.04	any	fonts-glyphicons-halflings	1.009~3.4.1+dfsg-2+deb11u2build0.22.04.1	fonts-glyphicons-halflings_1.009~3.4.1+dfsg-2+deb11u2build0.22.04.1_any.deb
Ubuntu	24.04	any	fonts-glyphicons-halflings	1.009~3.4.1+dfsg-3+deb12u1build0.24.04.1	fonts-glyphicons-halflings_1.009~3.4.1+dfsg-3+deb12u1build0.24.04.1_any.deb
Ubuntu	24.10	any	fonts-glyphicons-halflings	1.009~3.4.1+dfsg-3+deb12u1build0.24.10.1	fonts-glyphicons-halflings_1.009~3.4.1+dfsg-3+deb12u1build0.24.10.1_any.deb
Ubuntu	25.04	any	fonts-glyphicons-halflings	1.009~3.4.1+dfsg-3+deb12u1build0.25.04.1	fonts-glyphicons-halflings_1.009~3.4.1+dfsg-3+deb12u1build0.25.04.1_any.deb
Ubuntu	16.04	any	libjs-bootstrap	3.3.6+dfsg-1ubuntu0.1~esm1	libjs-bootstrap_3.3.6+dfsg-1ubuntu0.1~esm1_any.deb
Ubuntu	18.04	any	libjs-bootstrap	3.3.7+dfsg-2ubuntu0.1~esm1	libjs-bootstrap_3.3.7+dfsg-2ubuntu0.1~esm1_any.deb
Ubuntu	20.04	any	libjs-bootstrap	3.4.1+dfsg-1ubuntu0.1~esm1	libjs-bootstrap_3.4.1+dfsg-1ubuntu0.1~esm1_any.deb
Ubuntu	20.04	any	libjs-bootstrap4	4.4.1+dfsg1-2ubuntu0.1~esm1	libjs-bootstrap4_4.4.1+dfsg1-2ubuntu0.1~esm1_any.deb
Ubuntu	22.04	any	libjs-bootstrap4	4.6.0+dfsg1-4ubuntu0.1~esm1	libjs-bootstrap4_4.6.0+dfsg1-4ubuntu0.1~esm1_any.deb

05 Jun 2025 04:47Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.16.4

EPSS0.00139

SSVC

bootstrap vulnerabilities input sanitization carousel component button plugin xss attacks