While there is no single "headline" exploit unique only to Bootstrap 5.1.3, this specific version is susceptible to several known Cross-Site Scripting (XSS) vulnerabilities that affect the Bootstrap 5.x branch.
Recommended mitigations for developers
If you're using a CDN or manually including Bootstrap in your project, update your includes to point to the latest patched version.
This code injects a malicious CSS style that can potentially lead to unauthorized styling or layout modifications.
Example:
Security Advisory: Cross-Site Scripting (XSS) in Bootstrap Components
Target Version: Bootstrap 5.1.3 (and earlier)
Vulnerability Type: Cross-Site Scripting (XSS)
Component: Carousel, Tooltips, or Popovers
1. Executive Summary
Button Plugin (CVE-2024-6485): The data-loading-text attribute in buttons is vulnerable to script injection. When the button's "loading" state is triggered, any malicious code placed in that attribute is executed.
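A template audit covering both the update advice and the data-loading-text issue above, as an added example that is not part of the original advisory or of Bootstrap itself. The names audit_html and BootstrapAudit, the cdn.example.test host and the sample template are constructed for illustration, and treating any markup in data-loading-text as a finding is an assumed policy.

```python
import re
from html.parser import HTMLParser

# Version named on the page; extend this set to match your own patch policy.
FLAGGED_VERSIONS = {"5.1.3"}
BOOTSTRAP_REF = re.compile(r"bootstrap[@/-]v?(\d+\.\d+\.\d+)", re.I)
# Assumption: loading text should be plain text, so anything tag-like is flagged.
MARKUP = re.compile(r"<\s*[a-z/!]", re.I)

# Constructed sample template (cdn.example.test is a placeholder host).
SAMPLE = """<!doctype html>
<link rel="stylesheet" href="https://cdn.example.test/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css">
<button class="btn" data-loading-text="Saving...">Save</button>
<button class="btn" data-loading-text="&lt;b&gt;Sending&lt;/b&gt;">Send</button>
<script src="/static/vendor/bootstrap-5.1.3/bootstrap.bundle.min.js"></script>
"""


class BootstrapAudit(HTMLParser):
    """Collects (line, kind, detail) findings while parsing one template."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attrs = dict(attrs)
        # Check 1: <script src> or <link href> pinned to a flagged version.
        ref = attrs.get({"script": "src", "link": "href"}.get(tag, ""))
        match = BOOTSTRAP_REF.search(ref or "")
        if match and match.group(1) in FLAGGED_VERSIONS:
            self.findings.append((line, "include", ref))
        # Check 2: data-loading-text carrying markup. HTMLParser has already decoded
        # entities, so "&lt;b&gt;" arrives as "<b>", the string a script would read.
        text = attrs.get("data-loading-text")
        if text and MARKUP.search(text):
            self.findings.append((line, "data-loading-text", text))


def audit_html(source):
    parser = BootstrapAudit()
    parser.feed(source)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    print(*audit_html(SAMPLE), sep="\n")
```

Run it over rendered templates rather than raw template source, so values filled in from user-controlled data are part of what gets checked.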