Bootstrap - XSS vulnerability on versions under 3.4.0, on data-target attribute.
Impact area
Security
Severity
High
Affected element
ServiceNow
UI Script
Salesforce
Static Resource
Rule number
SN-JSL-BOOTSTRAP-LESSTHAN-V340 (for ServiceNow)
SF-JSL-BOOTSTRAP-LESSTHAN-V340(for Salesforce)
Impact
The data-target attribute is vulnerable to Cross-Site Scripting attacks in versions before 3.4.0.
Remediation
Update bootstrap to the latest version.
Time to fix
30 min
References
This rule is linked to Common Weakness Enumeration CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').