logo
DATABASE RESOURCES PRICING ABOUT US

Cross-Site Scripting in bootstrap

Description

Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.


Affected Software


CPE Name Name Version
bootstrap-sass 3.0.0
bootstrap-sass 3.4.1
bootstrap 4.3.1

Related