Bootstrap – BootStrap Library – Cross-site Scripting (XSS)

Description

Kayran has detected that the version of Bootstrap in use is vulnerable to cross-site scripting (XSS) attacks.
It appears that this version of the Bootstrap library does not properly sanitize incoming parameters.

Cross-site scripting (XSS) is a security vulnerability in web applications caused by failing to validate input from the user.
It can allow attackers to inject malicious JavaScript code, execute code through HTML tags, and more.

Attackers often perform XSS attacks by sending malicious links to users and enticing them to click.

Recommendation

The first recommendation is to properly sanitize user input to prevent XSS.

Update! It's important to keep your software up to date, because updates fix bugs from previous versions.
Update your Bootstrap library to the latest version.
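
One way to act on the update recommendation, as an added example (not Kayran's or Bootstrap's own code): list every core Bootstrap asset a page references and compare the version in its URL with the release you want to run. The function names, the sample HTML and the `TARGET` value are assumptions made for illustration.

```javascript
// Added example: inventory the Bootstrap assets a page loads and flag old ones.
// SAMPLE_HTML and TARGET are constructed for illustration; set TARGET to the
// current Bootstrap release before using this on real pages.
const SAMPLE_HTML = `
<link rel="stylesheet" href="https://cdn.example/npm/bootstrap@4.1.0/dist/css/bootstrap.min.css">
<script src="https://cdn.example/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js"></script>
<script src="/static/js/bootstrap.bundle.min.js"></script>
<script src="/static/js/bootstrap-datepicker.min.js"></script>
<script src="/static/js/bootstrap-5.3.0.min.js"></script>`;
const TARGET = '5.0.0';

const ASSET_ATTR = /(?:src|href)\s*=\s*["']([^"']+)["']/gi;
// Core Bootstrap files only, so plugins such as bootstrap-datepicker are skipped.
const BOOTSTRAP_FILE =
  /(?:^|\/)bootstrap(?:-\d+\.\d+\.\d+)?(?:\.bundle)?(?:\.min)?\.(?:js|css)(?:[?#]|$)/i;
// Version carried in the path: bootstrap@x.y.z, bootstrap/x.y.z or bootstrap-x.y.z.
const VERSION = /bootstrap(?:@|\/|-)v?(\d+)\.(\d+)\.(\d+)/i;

function parseVersion(text) {
  const m = VERSION.exec(text);
  return m ? m.slice(1, 4).map(Number) : null;
}

// Numeric comparison, so that 4.10.0 sorts after 4.9.9.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function auditBootstrapAssets(html, targetVersion) {
  const target = targetVersion.split('.').map(Number);
  const findings = [];
  for (const [, url] of html.matchAll(ASSET_ATTR)) {
    if (!BOOTSTRAP_FILE.test(url)) continue;
    const version = parseVersion(url);
    // 'unknown': the URL carries no version, so check the file's banner comment.
    let status = 'unknown';
    if (version) status = compareVersions(version, target) < 0 ? 'outdated' : 'ok';
    findings.push({ url, version: version ? version.join('.') : null, status });
  }
  return findings;
}

console.log(auditBootstrapAssets(SAMPLE_HTML, TARGET));
```

Assets reported as `unknown` are usually self-hosted copies; those need a manual check, because a renamed file can still be an old release.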

References

https://cwe.mitre.org/data/definitions/79.html
