Bootstrap Vulnerable to Cross-Site Scripting
Moderate severity • GitHub Reviewed • Published Feb 22, 2019 to the GitHub Advisory Database • Updated Aug 1, 2024
Published by the National Vulnerability Database: Feb 20, 2019
Published to the GitHub Advisory Database: Feb 22, 2019
Reviewed: Jun 16, 2020
Last updated: Aug 1, 2024
Description
Versions of bootstrap prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow an attacker to execute arbitrary JavaScript.
Recommendation
For bootstrap 4.x upgrade to 4.3.1 or later.
For bootstrap 3.x upgrade to 3.4.1 or later.
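The version thresholds in the recommendation above can be checked against an installed dependency tree, including nested copies pulled in by other packages. The following JavaScript is an added example, not code from the advisory or from the Bootstrap project; the helper names (parseVersion, isAffected, auditLock) and the sample lockfile are constructed for illustration, and it assumes an npm lockfile with a "packages" map (lockfileVersion 2 or 3).

```javascript
// Fixed releases per major line, as stated in the advisory text above.
const FIXED = { 3: [3, 4, 1], 4: [4, 3, 1] };

// Parse "X.Y.Z" with optional "-prerelease" / "+build"; null if not parseable.
function parseVersion(v) {
  const re = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/;
  const m = re.exec(String(v).trim());
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// true = affected, false = fixed, null = unparseable or a major line the
// advisory text does not cover (hypothetical helper, not a Bootstrap API).
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null;
  const fixed = FIXED[p.core[0]];
  if (!fixed) return null;
  for (let i = 0; i < 3; i++) {
    if (p.core[i] !== fixed[i]) return p.core[i] < fixed[i];
  }
  // Same X.Y.Z as the fix: a pre-release sorts before the release in semver.
  return p.pre !== null;
}

// Report every installed bootstrap copy in an npm lockfile "packages" map,
// including copies nested under other dependencies.
function auditLock(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/bootstrap$/.test(path)) continue;
    findings.push({ path, version: meta.version, affected: isAffected(meta.version) });
  }
  return findings;
}

// Constructed sample lockfile, not taken from any real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/bootstrap": { version: "4.3.1" },
    "node_modules/legacy-widget/node_modules/bootstrap": { version: "3.3.7" },
    "node_modules/bootstrap-icons": { version: "1.11.0" },
  },
};

console.log(auditLock(sampleLock));
```

A null result means the advisory text alone does not decide the case, so those entries need a manual look rather than being treated as safe.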