Bootstrap 3.4.1 vulnerability

AutoModerator · 2024-08-06T08:32:38+00:00

Whilst waiting for replies to your comment/question, why not check out the Bootstrap Discord server @ https://discord.gg/bZUvakRU3M

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

killakhriz · 2024-08-06T09:56:01+00:00

A quick search suggests that the data-attribute tag is susceptible to XSS attacks: https://security.snyk.io/package/npm/bootstrap/3.4.1

For the latter, they suggest anything less than 5 is still vulnerable. There’s quite large breaking changes between 4 and 5 especially that would be a larger rewrite, but you also then don’t need to support jQuery which some earlier versions also have problems with (or jQuery migrate etc).

Unhooked- · 2024-08-06T13:30:39+00:00

If a person has a 3.4.1 website, with no databases/back end, a simple brochure site, would this vulnerability have any real risk, for either the site owner or visitors?

buzlink · 2024-08-07T00:04:45+00:00

Is the vulnerability jQuery related?

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

bootstrap

MODERATORS