| Bootstrap | Number Of NVD | 7 | CRITICAL | 0 | HIGH | 0 | MEDIUM | 7 | LOW | 0 |
| URL | https://getbootstrap.com/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | It is a CSS framework used by many users. Version 3 is no longer supported. Version 4 will be moved to long-term support after the release of 4.4, and only bug and security fixes will be provided, no new features will be added. After the new major version is released, the old major version will be supported for 6 months, followed by 6 months of bug fixes and security fixes. |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://github.com/twbs/release | ||
| 2 | https://github.com/twbs/bootstrap |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Boostrap 5 | 5.3.8 | Aug. 26, 2025 | May 5, 2021 | 0 | 0 | 0 | 0 | |||
| 2 | Boostrap 3 | 3.4.1 | Feb. 14, 2019 | Aug. 20, 2020 | July 24, 2019 | 0 | 0 | 6 | 0 | ||
| 3 | Boostrap 4 | 4.6.2 | July 20, 2022 | Jan. 19, 2018 | 0 | 0 | 5 | 0 | |||
| 4 | Boostrap 2 | 2.0.4 | 0 | 0 | 5 | 0 | |||||
| 5 | Boostrap 1 | 1.0.0 | 0 | 0 | 5 | 0 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 |
6.1 4.3 |
MEDIUM
Network |
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. |
CWE-79
Cross-site Scripting |
CVE-2019-8331 | cpe:2.3:a:getbootstrap:bootstrap:*:* |
4.3.0 |
|
|
3.4.1 4.3.1 |
2024-11-21 13:49 2019-02-21 |
Show | GitHub Exploit DB Packet Storm |
| 2 |
6.1 4.3 |
MEDIUM
Network |
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. |
CWE-79
Cross-site Scripting |
CVE-2018-20677 | cpe:2.3:a:getbootstrap:bootstrap:*:* | 3.4.0 |
2024-11-21 13:01 2019-01-9 |
Show | GitHub Exploit DB Packet Storm | |||
| 3 |
6.1 4.3 |
MEDIUM
Network |
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. |
CWE-79
Cross-site Scripting |
CVE-2018-20676 | cpe:2.3:a:getbootstrap:bootstrap:*:* | 3.4.0 |
2024-11-21 13:01 2019-01-9 |
Show | GitHub Exploit DB Packet Storm | |||
| 4 |
6.1 4.3 |
MEDIUM
Network |
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. |
CWE-79
Cross-site Scripting |
CVE-2016-10735 |
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta cpe:2.3:a:getbootstrap:bootstrap:*:* |
3.0.0 | 3.4.0 |
2024-11-21 11:44 2019-01-9 |
Show | GitHub Exploit DB Packet Storm | ||
| 5 |
6.1 4.3 |
MEDIUM
Network |
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. |
CWE-79
Cross-site Scripting |
CVE-2018-14042 |
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3 cpe:2.3:a:getbootstrap:b… |
4.0.0 |
|
|
4.1.2 3.4.0 |
2024-11-21 12:48 2018-07-13 |
Show | GitHub Exploit DB Packet Storm |
| 6 |
6.1 4.3 |
MEDIUM
Network |
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. |
CWE-79
Cross-site Scripting |
CVE-2018-14041 |
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3 cpe:2.3:a:getbootstrap:b… |
4.0.0 | 4.1.2 |
2024-11-21 12:48 2018-07-13 |
Show | GitHub Exploit DB Packet Storm | ||
| 7 |
6.1 4.3 |
MEDIUM
Network |
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. |
CWE-79
Cross-site Scripting |
CVE-2018-14040 |
cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3 cpe:2.3:a:getbootstrap:b… |
4.0.0 |
|
|
4.1.2 3.4.0 |
2024-11-21 12:48 2018-07-13 |
Show | GitHub Exploit DB Packet Storm |