We use the bootstrap-slider plugin in our project.
Currently our white box security report shows a security issue about "Client Potential Code Injection" in bootstrap-slider.js (v11.0.2).
Following is some sample code where the security report shows a security issue.
Does bootstrap-slider have any new update?
Thanks for your help.
The application's createNewSlider method receives and dynamically executes user-controlled code
using hideTooltip, at /11.0.2/bootstrap-slider.js. This could enable an attacker to inject and run arbitrary code.
The attacker can inject the malicious payload into the victim's browser, via external input value. This is read by
the browser in the createNewSlider method, at /11.0.2/bootstrap-slider.js. The browser then executes this code itself.
The application's createNewSlider method receives and dynamically executes user-controlled code
using showTooltip, at /11.0.2/bootstrap-slider.js. This could enable an attacker to inject and run arbitrary code.
The attacker can inject the malicious payload into the victim's browser, via external input value. This is read by
the browser in the createNewSlider method, at /11.0.2/bootstrap-slider.js. The browser then executes this code itself.
The application's createNewSlider method receives and dynamically executes user-controlled code
using resize, at /11.0.2/bootstrap-slider.js. This could enable an attacker to inject and run arbitrary code.
The attacker can inject the malicious payload into the victim's browser, via external input value. This is read by
the browser in the createNewSlider method, at /11.0.2/bootstrap-slider.js. The browser then executes this code itself.
The application's createNewSlider method receives and dynamically executes user-controlled code
using touchstart, at 11.0.2/bootstrap-slider.js. This could enable an attacker to inject and run arbitrary code.
The attacker can inject the malicious payload into the victim's browser, via external input value. This is read by
the browser in the createNewSlider method, at /11.0.2/bootstrap-slider.js. The browser then executes this code itself.
The application's createNewSlider method receives and dynamically executes user-controlled code
using mousedown, at /11.0.2/bootstrap-slider.js. This could enable an attacker to inject and run arbitrary code.
The attacker can inject the malicious payload into the victim's browser, via external input value. This is read by
the browser in the createNewSlider method, at /11.0.2/bootstrap-slider.js. The browser then executes this code itself.
I'm not sure what service this is, but these reports are not very accurate. Regardless, if you're worried about XSS, validate your server inputs before binding them to the client.
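One way to apply the advice in the reply above, as an added example that is not part of the original thread or of bootstrap-slider's own code: allowlist and type-check externally supplied values before they become slider options. `sanitizeSliderOptions` is a hypothetical helper and the sample input is constructed; `min`, `max`, `step`, `value`, `orientation` and `tooltip` are bootstrap-slider option names.

```javascript
// Added example (hypothetical helper): only allowlisted, type-checked values
// from an untrusted source (query string, server JSON) reach the slider.
const NUMERIC_KEYS = ['min', 'max', 'step', 'value'];
const ENUM_KEYS = {
  orientation: ['horizontal', 'vertical'],
  tooltip: ['show', 'hide', 'always'],
};
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function sanitizeSliderOptions(untrusted) {
  const clean = {};
  if (untrusted === null || typeof untrusted !== 'object') return clean;

  for (const key of NUMERIC_KEYS) {
    if (!own(untrusted, key)) continue;
    const raw = untrusted[key];
    // Accept numbers, or strings that are plain decimals; nothing else.
    const isDecimal = typeof raw === 'string' && /^-?\d+(\.\d+)?$/.test(raw);
    if (typeof raw !== 'number' && !isDecimal) continue;
    const n = Number(raw);
    if (Number.isFinite(n)) clean[key] = n;
  }
  for (const [key, allowed] of Object.entries(ENUM_KEYS)) {
    if (own(untrusted, key) && allowed.includes(untrusted[key])) {
      clean[key] = untrusted[key];
    }
  }
  // Cross-field checks: drop inconsistent values and fall back to defaults.
  if (clean.step !== undefined && clean.step <= 0) delete clean.step;
  if (clean.min !== undefined && clean.max !== undefined && clean.min > clean.max) {
    delete clean.min;
    delete clean.max;
  }
  if (clean.value !== undefined) {
    if (clean.min !== undefined) clean.value = Math.max(clean.min, clean.value);
    if (clean.max !== undefined) clean.value = Math.min(clean.max, clean.value);
  }
  return clean;
}

// Constructed sample input: markup in an enum field, a string where a
// function is expected, a zero step and an out-of-range value.
const sample = {
  min: '0', max: '10', step: '0', value: '42',
  tooltip: '<b>always</b>', orientation: 'vertical', formatter: 'not-a-function',
};
console.log(sanitizeSliderOptions(sample));
// In the page: new Slider('#ex1', sanitizeSliderOptions(sample));
```

Keys outside the allowlist, such as `formatter`, never reach the plugin; set those in your own code rather than from external data.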