Bootstrap 3.3.7 Vulnerabilities

The screenshot is from a Google Lighthouse test of the Camping World RV sales sub-site.

At the time of the Lighthouse test (May 2020), the Camping World RV sales site triggered the "Includes front-end JavaScript libraries with known security vulnerabilities" warning because it loaded old versions of three JavaScript libraries:

  • Bootstrap v3.3.7
  • jQuery v1.10.2
  • jQuery UI v1.10.4

From a few Google searches, here’s a list of possible Bootstrap v3.3.7 cyber security vulnerabilities.

Bootstrap v3.3.7

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the data-template, data-content and data-title properties of tooltip/popover.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the tooltip data-viewport attribute.

Bootstrap is a popular front-end framework for faster and easier web development.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the affix configuration target property.

The solution is to upgrade the Bootstrap and jQuery scripts to the latest version.
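
To confirm that an upgrade has reached every page, the version check can be repeated against saved HTML. The following is an added example, not code from the original post or from Lighthouse: the function names, the sample markup and the `cdn.example` host are constructed, and treating every release at or below the three reported versions as flagged is an assumption.

```javascript
// Added example. FLAGGED holds the versions named in the Lighthouse report;
// treating every release at or below them as flagged is an assumption.
const FLAGGED = { bootstrap: "3.3.7", jquery: "1.10.2", "jquery-ui": "1.10.4" };

// Negative if a < b, zero if equal, positive if a > b (dotted numeric versions).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// Identify a library from a script URL: the file name gives the library, the
// first x.y or x.y.z run in the path gives the version. Plugin files such as
// "jquery.validate.js" are deliberately not matched.
function identify(src) {
  const path = src.split(/[?#]/)[0].replace(/^(?:[a-z]+:)?\/\/[^/]+/i, "");
  const file = path.split("/").pop().toLowerCase();
  const m = /^(jquery[-.]ui|jquery|bootstrap)(?:[-.]\d[\d.]*)?(?:\.min)?\.js$/.exec(file);
  if (!m) return null;
  const v = /\d+\.\d+(?:\.\d+)?/.exec(path);
  return { library: m[1].replace(".", "-"), version: v ? v[0] : null, src };
}

// Return one finding per recognised <script src>, marking flagged versions.
function auditScripts(html) {
  const findings = [];
  const srcRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const match of html.matchAll(srcRe)) {
    const lib = identify(match[1]);
    if (!lib) continue;
    const status = lib.version === null ? "unknown"
      : compareVersions(lib.version, FLAGGED[lib.library]) <= 0 ? "flagged" : "newer";
    findings.push({ ...lib, status });
  }
  return findings;
}

// Constructed sample markup, not taken from the audited site.
const SAMPLE_HTML = `
<script src="/Scripts/jquery-1.10.2.min.js"></script>
<script src="/Scripts/jquery-ui-1.10.4.min.js?v=2"></script>
<script src="https://cdn.example/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<script src="https://cdn.example/libs/jquery/9.9.9/jquery.min.js"></script>
<script src="/Scripts/jquery.validate.min.js"></script>`;

console.log(auditScripts(SAMPLE_HTML));
```

A "newer" result only means the version is above the ones this report named, so it should still be checked against the library's current advisories.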
