
[Escalated to 2nd Tier] Received word that Bootstrap has an XSS Vulnerability in versions prior to 3.4.1

This support ticket was created 5 years, 11 months ago. There's a good chance that you are reading advice that is now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

This topic contains 1 reply, has 2 voices.

Last updated by Waqar 5 years, 11 months ago.

Assisted by: Waqar.

#1203991

There is an article on WP Tavern (hidden link) that mentions an XSS Vulnerability in older versions of Bootstrap. Your product uses Bootstrap and has the option to load a copy. What version of Bootstrap 3 is being loaded by Toolset and is there a way to update/make sure it uses the most current version to avoid issues?

Thank you.

#1204647

Hi Jonathon,

Thanks for asking! I'd be happy to help.

Based on the report that you've mentioned, work is already underway to update the Bootstrap 3 that is included through Toolset, to use the latest patch.

I'm afraid I don't have a time estimate to share at this time, but I'll keep you updated with the progress through this ticket.

Meanwhile, if you'd like to load this Bootstrap 3.4.1 on your website manually, you can select the option "The theme or another plugin is already loading Bootstrap 3.0" from "WP Admin -> Toolset -> Settings -> General", which will stop the loading of Toolset's packed Bootstrap files.

After that you can load the Bootstrap files from your theme, as explained in these guides:

hidden link
hidden link
hidden link

For more personalized assistance around the custom code, you can also consider hiring a professional from our list of recommended contractors:
https://toolset.com/contractors/

regards,
Waqar
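
Added example (not part of the original thread and not Toolset's code): one way to answer "what version of Bootstrap 3 is being loaded" is to read the version banner at the top of each Bootstrap file the site serves and compare it with 3.4.1. The asset paths and file contents below are constructed samples, and the function names are hypothetical.

```javascript
// Bootstrap 3 dist files (CSS and JS, minified or not) open with a banner
// comment such as " * Bootstrap v3.3.7 (http://getbootstrap.com)".
function bannerVersion(fileText) {
  const m = /Bootstrap v(\d+\.\d+\.\d+)/.exec(String(fileText).slice(0, 512));
  return m ? m[1] : null;
}

// Classify a version string against 3.4.1, the release named in this thread.
// Only the 3.x line is judged; other majors are reported as out of scope
// because the thread says nothing about them.
function classify(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version || '');
  if (!m) return 'unknown';
  const [major, minor, patch] = m.slice(1).map(Number);
  if (major !== 3) return 'out-of-scope';
  const older = minor < 4 || (minor === 4 && patch < 1);
  return older ? 'needs-update' : 'ok';
}

// assets: [{ url, text }] where text is the fetched file content.
function auditAssets(assets) {
  return assets.map(({ url, text }) => {
    const version = bannerVersion(text);
    return { url, version, status: classify(version) };
  });
}

// Constructed sample input: paths and contents are illustrative only.
const SAMPLE_ASSETS = [
  { url: '/wp-content/plugins/example-plugin/res/bootstrap.min.js',
    text: '/*!\n * Bootstrap v3.3.7 (http://getbootstrap.com)\n */' },
  { url: '/wp-content/themes/example-theme/js/bootstrap.min.js',
    text: '/*!\n * Bootstrap v3.4.1 (https://getbootstrap.com/)\n */' },
  { url: '/wp-content/themes/example-theme/js/app.js',
    text: '(function () {})();' },
];

for (const row of auditAssets(SAMPLE_ASSETS)) {
  console.log(row.status.padEnd(13), row.version || '-', row.url);
}
```

In a browser console, Bootstrap 3 also exposes its runtime version as `jQuery.fn.tooltip.Constructor.VERSION`, which can be passed to `classify` directly.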