Description
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.
Bootstrap is a popular library which has used jQuery's plugin mechanism extensively. But the jQuery plugins inside Bootstrap used to be implemented in an unsafe way that could make the users of Bootstrap vulnerable to Cross-site scripting (XSS) attacks. The core mistake is the use of the omnipotent jQuery $-function in places where a more specialized, and safer, function would have sufficed. This is particularly problematic in cases where the $-function evaluates its input as JavaScript-code instead of as a CSS-selector.
Remediation
Upgrade to the latest version of Bootstrap.
References
Related Vulnerabilities
WordPress Plugin Emag Marketplace Connector Cross-Site Scripting (1.0.0)
WordPress Plugin underConstruction Cross-Site Scripting (1.18)
WordPress Plugin Easing Slider Multiple Cross-Site Scripting Vulnerabilities (2.2.0.6)
WordPress Plugin Ajax Plugin Helper Cross-Site Scripting (1.0.5)
WordPress Plugin GNU-Mailman Integration Cross-Site Scripting (1.0.6)