the secure PHP framework


7 March 2018, 10:55

The current version of Banshee uses Bootstrap v3.3.7. This version is vulnerable for XSS, but it is not exploitable via Banshee. Banshee doesn't allow users to set the data-target property of a tag. When a patch is available, it will be applied to the next version of Banshee.

I know Bootstrap v4 has been released, but I don't really like its new design. So, I'm sticking with Bootstrap v3 for now.