Bootstrap v4.0.0-alpha.6 Vulnerabilities (Jun 2026)
Malicious users can inject scripts through the target option in scrollspy.js.

[…] parameter for Tooltips and Popovers can be manipulated to inject malicious HTML.

Vulnerable dependencies pinned by alpha.6:

| Dependency | Version pinned in alpha.6 | Known critical CVEs or issues |
| :--- | :--- | :--- |
| jQuery | jQuery 3.1.1 | CVE-2019-11358 (Prototype Pollution), CVE-2020-11022, CVE-2020-11023 (XSS) |
| Popper.js | Popper.js 1.12.9 | Denial of Service (DoS) via malformed [x-out-of-bound] references |
| Tether | Tether 1.4.0 | CSS injection leading to UI redress attacks |

Workaround: If an upgrade is not immediately possible, use a library like DOMPurify to sanitize any user-provided data before it is passed to Bootstrap attributes.

End-of-life status: Bootstrap 4 has reached end of life.

Recommended Action: Upgrade.
Bootstrap v4.0.0-alpha.6 depended on older versions of jQuery (typically 3.1.1 or earlier). jQuery versions of that era, including 3.1.1, are affected by prototype pollution vulnerabilities (e.g., CVE-2019-11358). Since alpha.6 did not specify strict version constraints, applications could inherit these vulnerabilities through transitive dependencies.
Upgrade to (the final, most stable v4 release).
The alpha.6 release did not include built-in support for Content Security Policy (CSP) nonces or hashes. Modern Bootstrap versions (5.x+) provide better CSP compatibility, but alpha.6 would require significant manual configuration to safely operate under a restrictive CSP.