Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

GHSA-7mvr-5x2g-wfc8

GitHub Security Advisory

Bootstrap Cross-site Scripting vulnerability

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041.

Affected Packages

RubyGems bootstrap

Affected versions: 4.0.0 (fixed in 4.1.2)

RubyGems bootstrap

Affected versions: 2.3.0 (fixed in 3.4.0)

npm bootstrap

Affected versions: 4.0.0 (fixed in 4.1.2)

npm bootstrap

Affected versions: 2.3.0 (fixed in 3.4.0)

Maven org.webjars:bootstrap

Affected versions: 4.0.0 (fixed in 4.1.2)

Maven org.webjars:bootstrap

Affected versions: 2.3.0 (fixed in 3.4.0)

Packagist twbs/bootstrap

Affected versions: 4.0.0 (fixed in 4.1.2)

Packagist twbs/bootstrap

Affected versions: 2.3.0 (fixed in 3.4.0)

NuGet bootstrap

Affected versions: 4.0.0 (fixed in 4.1.2)

NuGet bootstrap

Affected versions: 2.3.0 (fixed in 3.4.0)

RubyGems bootstrap-sass

Affected versions: 2.3.0 (fixed in 3.4.0)

npm bootstrap-sass

Affected versions: 2.0.4 (fixed in 3.4.0)

NuGet bootstrap.sass

Affected versions: 4.0.0 (fixed in 4.1.2)

Related CVEs

CVE-2018-14042

Key Information

GHSA ID

GHSA-7mvr-5x2g-wfc8

Published

September 13, 2018 3:50 PM

Last Modified

August 5, 2024 4:31 PM

CVSS Score

5.0 /10

Primary Ecosystem

RubyGems

Primary Package

bootstrap

GitHub Reviewed

✓ Yes

Dataset

Last updated: October 1, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.