[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-20677":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":54,"duplicate_of":9,"upstream":56,"downstream":57,"duplicates":76,"related":77,"reserved_at":9,"published_at":80,"modified_at":81,"state":82,"summary":83,"references_raw":91,"kevs":198,"epss":199,"epss_history":202,"metrics":457,"affected":474},"CVE-2018-20677","In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_TWBS_BOOTSTRAP","Bootstrap","github","https://github.com/twbs/bootstrap/issues/20184","poc",0.3,false,[],[55],"GHSA-ph58-4vrj-w6hr",[],[58,60,62,64,66,68,70,72,74],{"_key":59},"DEBIAN-CVE-2018-20677",{"_key":61},"RHBA-2019:1076",{"_key":63},"RHBA-2019:1570",{"_key":65},"RHSA-2019:3023",{"_key":67},"RHSA-2020:3936",{"_key":69},"RHSA-2020:4670",{"_key":71},"RHSA-2020:5571",{"_key":73},"RHSA-2023:5693",{"_key":75},"UBUNTU-CVE-2018-20677",[],[78],{"_key":79},"CGA-6GHX-MG6M-JR6M","2019-01-09T05:00:00.000Z","2024-08-05T12:05:17.696Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":84,"epss_score":85,"severity":86,"severity_score":87,"severity_version":88,"severity_source":89,"severity_vector":90,"severity_status":82},"low",0.09805,"medium",6.1,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[92,104,109,115,120,124,129,133,137,143,147,151,155,159,164,169,173,177,181,186,190,194],{"url":93,"sources":94,"tags":99},"https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906",[95,89,96,97,98],"cve.org","osv_npm","osv_maven","osv_nuget",[100,101,102,103],"X Refsource MISC","Issue Tracking","Third Party Advisory","WEB",{"url":105,"sources":106,"tags":107},"https://github.com/twbs/bootstrap/issues/27045",[95,89,96,97,98],[100,108,101,102,103],"Exploit",{"url":110,"sources":111,"tags":112},"https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/",[95,89],[100,113,114],"Release Notes","Vendor Advisory",{"url":116,"sources":117,"tags":118},"https://github.com/twbs/bootstrap/pull/27047",[95,89,96,97,98],[100,119,102,103],"Patch",{"url":121,"sources":122,"tags":123},"https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628",[95,89,96,97,98],[100,101,102,103],{"url":125,"sources":126,"tags":127},"https://access.redhat.com/errata/RHSA-2019:1456",[95,89,96,97,98],[114,128,103],"X Refsource REDHAT",{"url":130,"sources":131,"tags":132},"https://access.redhat.com/errata/RHBA-2019:1076",[95,89,96,97,98],[114,128,103],{"url":134,"sources":135,"tags":136},"https://access.redhat.com/errata/RHBA-2019:1570",[95,89,96,97,98],[114,128,103],{"url":138,"sources":139,"tags":140},"https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E",[95,89],[141,142],"Mailing List","X Refsource MLIST",{"url":144,"sources":145,"tags":146},"https://access.redhat.com/errata/RHSA-2019:3023",[95,89,96,97,98],[114,128,103],{"url":148,"sources":149,"tags":150},"https://access.redhat.com/errata/RHSA-2020:0132",[95,89,96,97,98],[114,128,103],{"url":152,"sources":153,"tags":154},"https://access.redhat.com/errata/RHSA-2020:0133",[95,89,96,97,98],[114,128,103],{"url":156,"sources":157,"tags":158},"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E",[95,89],[141,142],{"url":160,"sources":161,"tags":162},"https://www.tenable.com/security/tns-2021-14",[95,89],[163],"X Refsource CONFIRM",{"url":165,"sources":166,"tags":167},"https://nvd.nist.gov/vuln/detail/CVE-2018-20677",[96,97,98],[168],"Advisory",{"url":170,"sources":171,"tags":172},"https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d",[96,97,98],[103],{"url":174,"sources":175,"tags":176},"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E",[96,97,98],[103],{"url":178,"sources":179,"tags":180},"https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E",[96,97,98],[103],{"url":182,"sources":183,"tags":184},"https://github.com/twbs/bootstrap",[96,97,98],[185],"PACKAGE",{"url":187,"sources":188,"tags":189},"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-20677.yml",[96,97,98],[103],{"url":191,"sources":192,"tags":193},"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2018-20677.yml",[96,97,98],[103],{"url":195,"sources":196,"tags":197},"https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0",[96,97,98],[103],[],{"date":200,"score":85,"percentile":201},"2026-06-04",0.93107,[203,207,210,213,216,219,222,224,227,230,233,236,238,241,244,248,251,254,257,260,263,266,269,271,273,276,279,281,285,288,291,294,297,300,302,305,307,310,313,316,319,322,325,328,331,334,336,338,341,344,347,350,353,356,360,363,366,368,371,374,377,380,382,384,387,390,392,394,396,398,401,403,406,409,412,415,418,421,423,426,429,432,435,438,441,443,446,449,451,454],{"date":204,"score":205,"percentile":206},"2025-11-04",0.11866,0.93427,{"date":208,"score":205,"percentile":209},"2025-11-05",0.93426,{"date":211,"score":205,"percentile":212},"2025-11-06",0.93428,{"date":214,"score":205,"percentile":215},"2025-11-07",0.93432,{"date":217,"score":205,"percentile":218},"2025-11-08",0.93431,{"date":220,"score":205,"percentile":221},"2025-11-09",0.93429,{"date":223,"score":205,"percentile":221},"2025-11-10",{"date":225,"score":205,"percentile":226},"2025-11-11",0.93433,{"date":228,"score":205,"percentile":229},"2025-11-12",0.93438,{"date":231,"score":205,"percentile":232},"2025-11-13",0.93441,{"date":234,"score":205,"percentile":235},"2025-11-14",0.93444,{"date":237,"score":205,"percentile":229},"2025-11-15",{"date":239,"score":205,"percentile":240},"2025-11-16",0.93442,{"date":242,"score":205,"percentile":243},"2025-11-17",0.9344,{"date":245,"score":246,"percentile":247},"2025-11-18",0.03039,0.85423,{"date":249,"score":246,"percentile":250},"2025-11-19",0.85425,{"date":252,"score":246,"percentile":253},"2025-11-20",0.85427,{"date":255,"score":205,"percentile":256},"2025-11-21",0.9345,{"date":258,"score":205,"percentile":259},"2025-11-22",0.93449,{"date":261,"score":205,"percentile":262},"2025-11-23",0.93454,{"date":264,"score":205,"percentile":265},"2025-11-24",0.93456,{"date":267,"score":205,"percentile":268},"2025-11-25",0.93458,{"date":270,"score":205,"percentile":265},"2025-11-26",{"date":272,"score":205,"percentile":268},"2025-11-27",{"date":274,"score":205,"percentile":275},"2025-11-28",0.93451,{"date":277,"score":205,"percentile":278},"2025-11-29",0.93457,{"date":280,"score":205,"percentile":265},"2025-11-30",{"date":282,"score":283,"percentile":284},"2025-12-01",0.09355,0.92499,{"date":286,"score":283,"percentile":287},"2025-12-02",0.92504,{"date":289,"score":283,"percentile":290},"2025-12-03",0.92506,{"date":292,"score":205,"percentile":293},"2025-12-04",0.9346,{"date":295,"score":205,"percentile":296},"2025-12-05",0.93463,{"date":298,"score":205,"percentile":299},"2025-12-06",0.93462,{"date":301,"score":205,"percentile":299},"2025-12-07",{"date":303,"score":205,"percentile":304},"2025-12-08",0.93466,{"date":306,"score":205,"percentile":304},"2025-12-09",{"date":308,"score":205,"percentile":309},"2025-12-10",0.93471,{"date":311,"score":205,"percentile":312},"2025-12-11",0.93475,{"date":314,"score":205,"percentile":315},"2025-12-12",0.93478,{"date":317,"score":205,"percentile":318},"2025-12-13",0.93482,{"date":320,"score":205,"percentile":321},"2025-12-14",0.9348,{"date":323,"score":205,"percentile":324},"2025-12-15",0.93483,{"date":326,"score":205,"percentile":327},"2025-12-16",0.93481,{"date":329,"score":205,"percentile":330},"2025-12-17",0.93485,{"date":332,"score":205,"percentile":333},"2025-12-18",0.93488,{"date":335,"score":205,"percentile":333},"2025-12-19",{"date":337,"score":205,"percentile":330},"2025-12-20",{"date":339,"score":205,"percentile":340},"2025-12-21",0.93489,{"date":342,"score":205,"percentile":343},"2025-12-22",0.93495,{"date":345,"score":205,"percentile":346},"2025-12-23",0.93487,{"date":348,"score":205,"percentile":349},"2025-12-24",0.93492,{"date":351,"score":205,"percentile":352},"2025-12-25",0.93505,{"date":354,"score":205,"percentile":355},"2025-12-26",0.93503,{"date":357,"score":358,"percentile":359},"2025-12-27",0.08875,0.92312,{"date":361,"score":205,"percentile":362},"2025-12-28",0.935,{"date":364,"score":205,"percentile":365},"2025-12-29",0.93499,{"date":367,"score":205,"percentile":365},"2025-12-30",{"date":369,"score":205,"percentile":370},"2025-12-31",0.93504,{"date":372,"score":283,"percentile":373},"2026-01-01",0.92561,{"date":375,"score":283,"percentile":376},"2026-01-02",0.92556,{"date":378,"score":283,"percentile":379},"2026-01-03",0.92554,{"date":381,"score":205,"percentile":365},"2026-01-04",{"date":383,"score":205,"percentile":343},"2026-01-05",{"date":385,"score":205,"percentile":386},"2026-01-06",0.93496,{"date":388,"score":205,"percentile":389},"2026-01-07",0.93497,{"date":391,"score":205,"percentile":362},"2026-01-08",{"date":393,"score":205,"percentile":370},"2026-01-09",{"date":395,"score":205,"percentile":352},"2026-01-10",{"date":397,"score":205,"percentile":355},"2026-01-11",{"date":399,"score":205,"percentile":400},"2026-01-12",0.93501,{"date":402,"score":205,"percentile":362},"2026-01-13",{"date":404,"score":205,"percentile":405},"2026-01-14",0.93509,{"date":407,"score":205,"percentile":408},"2026-01-15",0.9351,{"date":410,"score":205,"percentile":411},"2026-01-16",0.93516,{"date":413,"score":205,"percentile":414},"2026-01-17",0.93521,{"date":416,"score":205,"percentile":417},"2026-01-18",0.93514,{"date":419,"score":205,"percentile":420},"2026-01-19",0.93515,{"date":422,"score":205,"percentile":411},"2026-01-20",{"date":424,"score":205,"percentile":425},"2026-01-21",0.9352,{"date":427,"score":205,"percentile":428},"2026-01-22",0.93523,{"date":430,"score":205,"percentile":431},"2026-01-23",0.93525,{"date":433,"score":205,"percentile":434},"2026-01-24",0.93529,{"date":436,"score":205,"percentile":437},"2026-01-25",0.93532,{"date":439,"score":205,"percentile":440},"2026-01-26",0.93533,{"date":442,"score":205,"percentile":440},"2026-01-27",{"date":444,"score":205,"percentile":445},"2026-01-28",0.93538,{"date":447,"score":205,"percentile":448},"2026-01-29",0.93539,{"date":450,"score":205,"percentile":445},"2026-01-30",{"date":452,"score":205,"percentile":453},"2026-01-31",0.93542,{"date":455,"score":283,"percentile":456},"2026-02-01",0.92603,[458,468,470,472],{"source":89,"cvss_v2_0":459,"cvss_v3_0":464,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":460,"baseSeverity":9,"vectorString":461,"impactScore":462,"exploitabilityScore":463},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":87,"baseSeverity":465,"vectorString":90,"impactScore":466,"exploitabilityScore":467},"MEDIUM",4.5,7.2,{"source":96,"cvss_v2_0":9,"cvss_v3_0":469,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":87,"baseSeverity":9,"vectorString":90,"impactScore":466,"exploitabilityScore":467},{"source":97,"cvss_v2_0":9,"cvss_v3_0":471,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":87,"baseSeverity":9,"vectorString":90,"impactScore":466,"exploitabilityScore":467},{"source":98,"cvss_v2_0":9,"cvss_v3_0":473,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":87,"baseSeverity":9,"vectorString":90,"impactScore":466,"exploitabilityScore":467},[475,488,493,497,504,511,517,520],{"ecosystem":476,"name":477,"vendor":478,"product":479,"cpe_part":9,"purl_type":480,"purl_namespace":478,"purl_name":479,"source":9,"versions":481},"Packagist","twbs/bootstrap","twbs","bootstrap","composer",[482],{"version":483,"is_range":484,"range_type":485,"version_start":9,"version_start_type":9,"version_end":486,"version_end_type":487,"fixed_in":9},"lt3_4_0",true,"ecosystem","3.4.0","excluding",{"ecosystem":489,"name":479,"vendor":489,"product":479,"cpe_part":9,"purl_type":490,"purl_namespace":9,"purl_name":479,"source":9,"versions":491},"RubyGems","gem",[492],{"version":483,"is_range":484,"range_type":485,"version_start":9,"version_start_type":9,"version_end":486,"version_end_type":487,"fixed_in":9},{"ecosystem":489,"name":494,"vendor":489,"product":494,"cpe_part":9,"purl_type":490,"purl_namespace":9,"purl_name":494,"source":9,"versions":495},"bootstrap-sass",[496],{"version":483,"is_range":484,"range_type":485,"version_start":9,"version_start_type":9,"version_end":486,"version_end_type":487,"fixed_in":9},{"ecosystem":9,"name":479,"vendor":498,"product":479,"cpe_part":499,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":500},"getbootstrap","a",[501],{"version":502,"is_range":484,"range_type":503,"version_start":9,"version_start_type":9,"version_end":486,"version_end_type":487,"fixed_in":9},"lt3.4.0","cpe",{"ecosystem":505,"name":506,"vendor":507,"product":479,"cpe_part":9,"purl_type":508,"purl_namespace":507,"purl_name":479,"source":9,"versions":509},"Maven","org.webjars:bootstrap","org.webjars","maven",[510],{"version":483,"is_range":484,"range_type":485,"version_start":9,"version_start_type":9,"version_end":486,"version_end_type":487,"fixed_in":9},{"ecosystem":512,"name":479,"vendor":512,"product":479,"cpe_part":9,"purl_type":513,"purl_namespace":9,"purl_name":479,"source":9,"versions":514},"Npm","npm",[515],{"version":483,"is_range":484,"range_type":516,"version_start":9,"version_start_type":9,"version_end":486,"version_end_type":487,"fixed_in":9},"semver",{"ecosystem":512,"name":494,"vendor":512,"product":494,"cpe_part":9,"purl_type":513,"purl_namespace":9,"purl_name":494,"source":9,"versions":518},[519],{"version":483,"is_range":484,"range_type":516,"version_start":9,"version_start_type":9,"version_end":486,"version_end_type":487,"fixed_in":9},{"ecosystem":521,"name":479,"vendor":521,"product":479,"cpe_part":9,"purl_type":522,"purl_namespace":9,"purl_name":479,"source":9,"versions":523},"NuGet","nuget",[524],{"version":483,"is_range":484,"range_type":485,"version_start":9,"version_start_type":9,"version_end":486,"version_end_type":487,"fixed_in":9}]