False positive. Bootstrap 5.1.3 is not the root cause.
While 5.1.3 is more secure than previous versions, certain components historically required robust sanitization: bootstrap 5.1.3 exploit
Bootstrap allows passing HTML content into tooltips and popovers. If a developer takes user input (e.g., a username or a form field) and injects it directly into a tooltip without sanitizing it first, an attacker can insert malicious JavaScript. javascript False positive
If you need help securing your front-end architecture, let me know. We can explore: How to automatically. bootstrap 5.1.3 exploit