Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

GHSA-3wqf-4x89-9g79

GitHub Security Advisory

Bootstrap vulnerable to Cross-Site Scripting (XSS)

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

In Bootstrap starting in version 2.3.0 and prior to 3.4.0, as well as 4.x before 4.1.2, XSS is possible in the collapse data-parent attribute.

Affected Packages

npm bootstrap

Affected versions: 4.0.0 (fixed in 4.1.2)

RubyGems bootstrap

Affected versions: 4.0.0 (fixed in 4.1.2)

npm bootstrap

Affected versions: 2.3.0 (fixed in 3.4.0)

RubyGems bootstrap

Affected versions: 2.3.0 (fixed in 3.4.0)

Maven org.webjars:bootstrap

Affected versions: 4.0.0 (fixed in 4.1.2)

Maven org.webjars:bootstrap

Affected versions: 2.3.0 (fixed in 3.4.0)

NuGet bootstrap

Affected versions: 2.3.0 (fixed in 3.4.0)

NuGet bootstrap

Affected versions: 4.0.0 (fixed in 4.1.2)

NuGet bootstrap.sass

Affected versions: 4.0.0 (fixed in 4.1.2)

RubyGems bootstrap-sass

Affected versions: 2.3.0 (fixed in 3.4.0)

Packagist twbs/bootstrap

Affected versions: 2.3.0 (fixed in 3.4.0)

Packagist twbs/bootstrap

Affected versions: 4.0.0 (fixed in 4.1.2)

Related CVEs

CVE-2018-14040

Key Information

GHSA ID

GHSA-3wqf-4x89-9g79

Published

May 13, 2022 1:07 AM

Last Modified

August 5, 2024 4:33 PM

CVSS Score

5.0 /10

Primary Ecosystem

npm

Primary Package

bootstrap

GitHub Reviewed

✓ Yes

Dataset

Last updated: October 1, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.