In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| bootstrap(npm) | 4.0.0 | 4.1.2 | N/A |
| bootstrap(RubyGems) | 4.0.0 | 4.1.2 | N/A |
| bootstrap(npm) | 2.3.0 | 3.4.0 | N/A |
| bootstrap(RubyGems) | 2.3.0 | 3.4.0 | N/A |
| org.webjars:bootstrap(Maven) | 4.0.0 | 4.1.2 | N/A |
| org.webjars:bootstrap(Maven) | 2.3.0 | 3.4.0 | N/A |
| bootstrap(NuGet) | 2.3.0 | 3.4.0 | N/A |
| bootstrap(NuGet) | 4.0.0 | 4.1.2 | N/A |
| bootstrap.sass(NuGet) | 4.0.0 | 4.1.2 | N/A |
| bootstrap-sass(RubyGems) | 2.3.0 | 3.4.0 | N/A |
| twbs/bootstrap(Packagist) | 2.3.0 | 3.4.0 | N/A |
| twbs/bootstrap(Packagist) | 4.0.0 | 4.1.2 | N/A |
CVSS Metrics
