Dear All,
I am using Nextcloud and platform is as below:
NC- 21.01
Server- Ubuntu 20.04
Web server- NGINX
Now during scanning we are getting finding-
Synopsis The site uses some vulnerable javascript libraries.
Description The site uses some vulnerable javascript libraries. Some vulnerabilities were reported for this particular version of the library.
Solution Upgrade the library to higher (possibly the latest) version.
URL Not available
Variant The site uses some vulnerable javascript libraries.
Findings The ‘bootstrap’ library at version 3.3.5 is vulnerable, details:
(medium) XSS in data-template, data-content and data-title properties of tooltip/popover, see: https://github.com/twbs/bootstrap/issues/28236
(medium) XSS in data-target property of scrollspy, see: https://github.com/twbs/bootstrap/issues/20184
(medium) XSS in collapse data-parent attribute, see: https://github.com/twbs/bootstrap/issues/20184
(medium) XSS in data-container property of tooltip, see: XSS in data-target attribute · Issue #20184 · twbs/bootstrap · GitHub
Can anyone please help me how to resolve this.
Thanks