
1 Jun 08, 2020 11:01    

Hello,

I ran webpagetest.org and got a warning that there are security vulnerabilities (see screenshot).
Is there a way to update bootstrap from 3.3.7 in 6.11.5?
And also to update jquery from 1.12.4?

Would be great to get an answer.

Thanks and Regards, Will

2 Jun 08, 2020 11:02

Here is the screenshot

3 Jun 08, 2020 22:54

Hi. You don't say how much you looked into the details of the vulnerabilities, so the following may be stuff you know or don't want to know.

Here's some info on bootstrap 3.3.7
https://stackoverflow.com/questions/52388366/is-bootstrap-3-3-7-safe-and-secured-if-data-target-attribute-is-unused

and some on jquery 1.12.4
http://www.sjoerdlangkemper.nl/2017/09/27/some-libraries-evaluate-remote-javascript/

I'm running b2evo 7.1.5 and ran one of my sites through https://webpagetest.org/ but didn't get any warnings, so maybe I'm missing something. How did you use the site?

4 Jun 09, 2020 11:06

@amoun You are running 7.1.5 - I am running 6.11.5, so maybe your version uses a recent version of bootstrap and jquery.
I used webpagetest as it has to. I entered the link to the website, chose Frankfurt and Chrome, and got a report. This report showed an "E" towards System Security Scoring (see screenshot below). Clicking on that "E" to get more information, I got the detailed report I posted as a screenshot above.

5 Jul 23, 2020 02:19

Yes, those libraries have been updated in b2evo v7.

6 Jul 23, 2020 10:08

@fplanque Is it possible to update those libraries manually for 6.11.5 ?

(I changed my upgrade practice, experiencing several problems after each. The version 6.11.5 and some adaptations work fine for me and whenever it is possible I'll keep it. But I try to fix security matters. So I would appreciate help on how to update those libraries and I think many others would appreciate it, too.)

Thanks in advance, Will

