Bootstrap – BootStrap Library – Cross-site Scripting (XSS)

Description

Kayran has detected that the version of Bootstrap being used is vulnerable to Cross-site Scripting (XSS) attacks.
It seems that the Bootstrap library does not sanitize the incoming parameters properly.

Cross-site Scripting (XSS) is a security vulnerability in web applications that is caused by not validating inputs from the user.
This can allow attackers to inject malicious JavaScript code, execute code through HTML tags, and more.

Attackers often perform XSS attacks by sending malicious links to users and enticing them to click.

Recommendation

The first recommendation is to sanitize user input properly so that it cannot be used for XSS.

Update! It is important to keep your software up to date, because newer versions fix bugs from previous versions.
Update your Bootstrap library to the latest version.
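
The first recommendation above, shown as an added example (not code from Kayran or from the Bootstrap project): user input is validated against an allowlist and HTML-encoded before it is written into markup that a front-end library will process. The function names, the button markup and the sample input are assumptions constructed for illustration.

```javascript
// Added example: validate and encode untrusted input before it reaches
// markup that a front-end library such as Bootstrap will process.
// Function names and sample values are constructed for illustration.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode text for use in HTML element content or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Allowlist validation: accept only a plain element id, return "#id" or null.
function safeTargetSelector(value) {
  const id = String(value);
  return /^[A-Za-z][A-Za-z0-9_-]{0,63}$/.test(id) ? '#' + id : null;
}

// "Before": user input concatenated straight into markup.
function renderButtonUnsafe(label, tip, target) {
  return '<button data-toggle="collapse" data-target="' + target +
         '" title="' + tip + '">' + label + '</button>';
}

// "After": the selector is validated, everything else is encoded.
function renderButton(label, tip, target) {
  const selector = safeTargetSelector(target);
  if (selector === null) {
    throw new Error('rejected target: not a plain element id');
  }
  return '<button data-toggle="collapse" data-target="' + selector +
         '" title="' + escapeHtml(tip) + '">' + escapeHtml(label) + '</button>';
}

// Constructed sample input that tries to break out of the title attribute.
const hostileTip = '"><script>alert(1)</script>';
console.log(renderButtonUnsafe('Details', hostileTip, '#panel'));
console.log(renderButton('Details', hostileTip, 'panel'));
```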

References

https://cwe.mitre.org/data/definitions/79.html
