logo
DATABASE RESOURCES PRICING ABOUT US

Cross-Site Scripting in bootstrap

Description

Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. ## Recommendation For `bootstrap` 4.x upgrade to 4.3.1 or later. For `bootstrap` 3.x upgrade to 3.4.1 or later.


Affected Software


CPE Name Name Version
bootstrap-sass 3.0.0.0
bootstrap-sass 3.0.1.0
bootstrap-sass 3.0.1.0.rc
bootstrap-sass 3.0.2.0
bootstrap-sass 3.0.2.1
bootstrap-sass 3.0.3.0
bootstrap-sass 3.1.0.0
bootstrap-sass 3.1.0.1
bootstrap-sass 3.1.0.2
bootstrap-sass 3.1.1.0
bootstrap-sass 3.1.1.1
bootstrap-sass 3.2.0.4
bootstrap-sass 3.3.0.0
bootstrap-sass 3.3.0.1
bootstrap-sass 3.3.1.0
bootstrap-sass 3.3.2.0
bootstrap-sass 3.3.2.1
bootstrap-sass 3.3.3
bootstrap-sass 3.3.4.1
bootstrap-sass 3.3.5
bootstrap-sass 3.3.5.1
bootstrap-sass 3.3.6
bootstrap-sass 3.3.7
bootstrap-sass 3.4.0

Related