Bootstrap: XSS possible in data-target property of scrollspy

Created on 29 May 2018 · 3 Comments · Source: twbs/bootstrap

XSS possible in scrollspy data-target attribute
data-target="<img src=1 onerror=alert(123) />"
Bootstrap 4.1.1 in combination with jQuery 3.3.1

confirmed js v4
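Why the attribute value above ends up executing script, as an added example that is not Bootstrap's or jQuery's code: a string handed straight to $() is treated as HTML rather than as a selector whenever it starts with "<" and ends with ">", so a component that does $(el.getAttribute('data-target')) turns an attacker-controlled attribute into DOM nodes. The regex below reproduces jQuery 3.x's rquickExpr fast-path test; the allow-list in safeTarget() and the sample inputs are this example's own assumptions, not the project's fix.

```javascript
// Added example (not Bootstrap's or jQuery's code): shows why a data-target
// string passed directly to $() can become markup instead of a selector, and
// one way to validate the attribute before it reaches $().

// jQuery 3.x's fast-path test for "is this argument HTML or an #id?".
const RQUICK_EXPR = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/;

// Mirrors the decision jQuery's init() makes for a string argument: a string
// that starts with "<" and ends with ">" (length >= 3), or that matches the
// HTML branch of RQUICK_EXPR, is sent to parseHTML. That creates elements
// such as <img onerror=...>, whose handler fires when the image fails to load,
// instead of looking anything up in the document.
function jqueryTreatsAsHtml(input) {
  if (typeof input !== 'string') return false;
  if (input.length >= 3 && input[0] === '<' && input[input.length - 1] === '>') {
    return true;
  }
  const m = RQUICK_EXPR.exec(input);
  return Boolean(m && m[1]);
}

// Allow-list for what a scrollspy data-target legitimately needs: a single
// id or class selector. This strict policy is the example's own choice.
const SAFE_SELECTOR = /^[#.][A-Za-z_-][\w-]*$/;

// Returns the trimmed selector when it is on the allow-list, otherwise null,
// so the caller never passes untrusted markup to $().
function safeTarget(attrValue) {
  if (typeof attrValue !== 'string') return null;
  const v = attrValue.trim();
  return SAFE_SELECTOR.test(v) && !jqueryTreatsAsHtml(v) ? v : null;
}

// Browser-side variant of the same check: document.querySelector() throws a
// SyntaxError on strings that are not valid selectors, so the payload from the
// report is rejected without ever being parsed as HTML. `doc` is injectable so
// the function can be exercised outside a browser.
function validateWithQuerySelector(selector, doc) {
  const d = doc || (typeof document !== 'undefined' ? document : null);
  if (!d || typeof selector !== 'string') return null;
  try {
    return d.querySelector(selector) ? selector : null;
  } catch (err) {
    return null; // invalid selector syntax (e.g. "<img ...>") is rejected
  }
}

// Constructed sample inputs: the payload from the report plus benign values.
const SAMPLES = [
  '#navbar-example',
  '.bs-docs-sidebar',
  '<img src=1 onerror=alert(123) />',
  '<svg/onload=alert(1)>',
  'div > img',
];

// Classifies each sample: would jQuery parse it as HTML, and does the
// allow-list accept it?
function classify(values) {
  return values.map((value) => ({
    value,
    html: jqueryTreatsAsHtml(value),
    accepted: safeTarget(value),
  }));
}

console.table(classify(SAMPLES));
```

The first two samples pass the allow-list, the two markup payloads are flagged as HTML and rejected, and the compound selector is rejected simply because scrollspy has no need for it; rejecting rather than "sanitizing" keeps the attribute from ever reaching a DOM-building code path.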

All 3 comments

Bug reports must include a live demo of the problem. Per our contributing guidelines, please create a reduced test case via CodePen or JS Bin and report back with your link, Bootstrap version, and specific browser and OS details.

https://jsbin.com/toxogipewo/edit?html,output

Browser: Chrome Version 66.0.3359.181 (64-bit)
OS: Windows 10 (64-bit)

during some tests in the Debian LTS security team, it was determined that Bootstrap 2.0.2, 3.2.0 and 3.3.7 are not affected by this issue.
