Bootstrap versions before 4.1.2 are vulnerable to Cross-Site Scripting (XSS) attack #759

Open
guillermo-1212 opened this issue May 15, 2021 · 0 comments


The IT department ran a tool to determine how secure our site is, which detected the following vulnerability:

Vulnerable javascript library: Bootstrap version: 4.0.0-beta
Details: CVE-2018-14041: The data-target property of scrollspy in bootstrap versions on or above 4.0.0-alpha and before 4.1.2 are vulnerable to Cross-Site Scripting(XSS) attacks. Please refer to vendor documentation (twbs/bootstrap#20184) for the latest security updates.

CVE-2018-14040: Bootstrap versions on or above 4.0.0-alpha and before 4.1.2 are vulnerable to Cross-Site Scripting(XSS) in collapse data-parent attribute. Please refer to vendor documentation (twbs/bootstrap#20184) for latest security updates.

CVE-2018-14042: Bootstrap versions on or above 4.0.0-alpha and before 4.1.2 are vulnerable to Cross-Site Scripting(XSS) in data-container property of tooltip. Please refer to vendor documentation (twbs/bootstrap#20184) for latest security updates.

Can you support me to update the bootstrap version?
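
The range quoted in the report (4.0.0-alpha or later, before 4.1.2) includes pre-release tags such as `4.0.0-beta`, which a plain string or numeric comparison orders incorrectly. The following is an added example, not part of the original issue or the project's code: it checks a Bootstrap version against that range using SemVer precedence. The function names and the sample banner string are assumptions constructed for illustration.

```javascript
// Affected range and CVE ids as quoted in the scanner report above.
const RANGE = { min: "4.0.0-alpha", maxExclusive: "4.1.2" };
const CVES = ["CVE-2018-14040", "CVE-2018-14041", "CVE-2018-14042"];

// Split "4.0.0-beta.2" into core [4, 0, 0] and pre-release ids ["beta", "2"].
function parse(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(version.trim());
  if (!m) throw new Error(`not a semantic version: ${version}`);
  return { core: [+m[1], +m[2], +m[3]], pre: m[4] ? m[4].split(".") : [] };
}

// SemVer 2.0.0 precedence: compare the core numerically; a pre-release
// sorts before its release; numeric ids sort below alphanumeric ones.
function compare(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    if (x.core[i] !== y.core[i]) return x.core[i] < y.core[i] ? -1 : 1;
  }
  if (!x.pre.length || !y.pre.length) return Math.sign(y.pre.length - x.pre.length);
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    if (i >= x.pre.length) return -1; // fewer pre-release fields sorts lower
    if (i >= y.pre.length) return 1;
    const p = x.pre[i], q = y.pre[i];
    const pn = /^\d+$/.test(p), qn = /^\d+$/.test(q);
    if (pn !== qn) return pn ? -1 : 1;
    const d = pn ? p - q : (p < q ? -1 : p > q ? 1 : 0);
    if (d) return Math.sign(d);
  }
  return 0;
}

// Returns the CVE ids from the report that apply to `version`, or [].
function affectedBy(version) {
  const hit = compare(version, RANGE.min) >= 0 && compare(version, RANGE.maxExclusive) < 0;
  return hit ? [...CVES] : [];
}

// Pull the version out of a "Bootstrap vX.Y.Z" banner comment, or null.
function versionFromBanner(source) {
  const m = /Bootstrap v(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)/.exec(source);
  return m ? m[1] : null;
}

// Constructed sample input, not copied from the site in the report.
const SAMPLE_BANNER = "/*! Bootstrap v4.0.0-beta (constructed sample banner) */";
for (const v of [versionFromBanner(SAMPLE_BANNER), "4.0.0-alpha.6", "4.1.1", "4.1.2", "3.3.7"]) {
  console.log(v, affectedBy(v).join(", ") || "not in the reported range");
}
```
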
