Banshee
the secure PHP framework

Weblog

RSS

Bootstrap

7 March 2018, 10:55

The current version of Banshee uses Bootstrap v3.3.7. This version is vulnerable for XSS, but it is not exploitable via Banshee. Banshee doesn't allow users to set the data-target property of a tag. When a patch is available, it will be applied to the next version of Banshee.

I know Bootstrap v4 has been released, but I don't really like its new design. So, I'm sticking with Bootstrap v3 for now.

Tags: security
by Hugo Leisink
Jeff Dawson
23 October 2020, 14:59
Get rid of bootstrap and jquery and use a more modern and up to date system using web standards. Your wonderful software will be the best cmf/cms framework if you follow web standards with elemental.js. See https://elementalsjs.com
Back

All articles

All tags: Years: Periods:
Built upon the Banshee PHP framework v6.3CMS