org.webjars.npm:bootstrap 5.0.0-alpha1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:bootstrap package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) org.webjars.npm:bootstrap is a WebJar for bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the `carousel` component through the `href` attribute of an `<a>` tag due to inadequate sanitization. An attacker can execute arbitrary JavaScript within the victim's browser by crafting malicious input in the `data-slide` attribute. Notes: Exploiting this vulnerability is also possible when the `data_target` attribute doesn’t exist or can’t be found, allowing the bypass of the `clickHandler` functionality. How to fix Cross-site Scripting (XSS)? Upgrade `org.webjars.npm:bootstrap` to version 5.0.0-beta1 or higher.	[4.0.0,5.0.0-beta1)
M Cross-site Scripting (XSS) org.webjars.npm:bootstrap is a WebJar for bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to inadequate sanitization of the `href` attribute, belonging to an `<a>` tag, in the `carousel` component. An attacker can execute arbitrary JavaScript within the victim's browser by injecting malicious code into the `data-slide` or `data-slide-to` attributes. Notes: Exploiting this vulnerability is also possible when the `data_target` attribute doesn’t exist or can’t be found, allowing the bypass of the `clickHandler` functionality. How to fix Cross-site Scripting (XSS)? Upgrade `org.webjars.npm:bootstrap` to version 5.0.0-beta1 or higher.	[,5.0.0-beta1)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

org.webjars.npm:bootstrap is a WebJar for bootstrap.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the carousel component through the href attribute of an <a> tag due to inadequate sanitization. An attacker can execute arbitrary JavaScript within the victim's browser by crafting malicious input in the data-slide attribute.

Notes:

Exploiting this vulnerability is also possible when the data_target attribute doesn’t exist or can’t be found, allowing the bypass of the clickHandler functionality.

How to fix Cross-site Scripting (XSS)?

Upgrade org.webjars.npm:bootstrap to version 5.0.0-beta1 or higher.

[4.0.0,5.0.0-beta1)

Cross-site Scripting (XSS)

org.webjars.npm:bootstrap is a WebJar for bootstrap.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to inadequate sanitization of the href attribute, belonging to an <a> tag, in the carousel component. An attacker can execute arbitrary JavaScript within the victim's browser by injecting malicious code into the data-slide or data-slide-to attributes.

Notes:

Exploiting this vulnerability is also possible when the data_target attribute doesn’t exist or can’t be found, allowing the bypass of the clickHandler functionality.

How to fix Cross-site Scripting (XSS)?

Upgrade org.webjars.npm:bootstrap to version 5.0.0-beta1 or higher.

[,5.0.0-beta1)

org.webjars.npm:bootstrap@5.0.0-alpha1 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?