Vulnerability	Vulnerable Version
M Cross-site Scripting bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting through the `data-loading-text` attribute in the button component. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into this attribute. Note: This vulnerability is under active investigation and it may be updated with further details. How to fix Cross-site Scripting? Upgrade `bootstrap` to version 4.0.0 or higher.	<4.0.0
M Cross-site Scripting (XSS) bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to inadequate sanitization of the `href` attribute, belonging to an `<a>` tag, in the `carousel` component. An attacker can execute arbitrary JavaScript within the victim's browser by injecting malicious code into the `data-slide` or `data-slide-to` attributes. Notes: Exploiting this vulnerability is also possible when the `data_target` attribute doesn’t exist or can’t be found, allowing the bypass of the `clickHandler` functionality. How to fix Cross-site Scripting (XSS)? Upgrade `bootstrap` to version 5.0.0-beta1 or higher.	<5.0.0-beta1
M Cross-site Scripting (XSS) bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in `data-template`, `data-content` and `data-title` properties of tooltip/popover. How to fix Cross-site Scripting (XSS)? Upgrade `bootstrap` to version 3.4.1, 4.3.1 or higher.	<3.4.1>=4.0.0 <4.3.1

Go back to all versions of this package