ADVISORIES
GEM
SEVERITY
CVSS v3.x: 6.1 (Medium)
CVSS v2.0: 4.3 (Medium)
PATCHED VERSIONS
- >= 4.1.2
DESCRIPTION
In Bootstrap before 4.1.2, XSS is possible in collapse data-parent attribute (CVE-2018-14040), data-target property of scrollspy (CVE-2018-14041), data-container property of tooltip (CVE-2018-14042)