bootstrap@4.0.0-alpha.3 vulnerabilities

The most popular front-end framework for developing responsive, mobile first projects on the web.

Direct Vulnerabilities

Known vulnerabilities in the bootstrap package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Cross-site Scripting
Severity: M

bootstrap is a popular front-end framework for faster and easier web development.

Affected versions of this package are vulnerable to Cross-site Scripting through the data-loading-text attribute in the button component. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into this attribute.

Note:

This vulnerability is under active investigation and it may be updated with further details.

How to fix Cross-site Scripting?

Upgrade bootstrap to version 4.0.0 or higher.

Vulnerable versions: <4.0.0

Vulnerability: Cross-site Scripting (XSS)
Severity: M

bootstrap is a popular front-end framework for faster and easier web development.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to inadequate sanitization of the href attribute, belonging to an <a> tag, in the carousel component. An attacker can execute arbitrary JavaScript within the victim's browser by injecting malicious code into the data-slide or data-slide-to attributes.

Notes:

  1. Exploitation is possible when the data-target attribute is absent or cannot be resolved, which bypasses the clickHandler logic.

  2. This vulnerability is under active investigation and it may be updated with further details.

How to fix Cross-site Scripting (XSS)?

Upgrade bootstrap to version 4.0.0 or higher.

Vulnerable versions: <4.0.0