In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
https://github.com/twbs/bootstrap/pull/26630
https://github.com/twbs/bootstrap/issues/26628
https://github.com/twbs/bootstrap/issues/26423
https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
https://seclists.org/bugtraq/2019/May/18
http://seclists.org/fulldisclosure/2019/May/13
http://seclists.org/fulldisclosure/2019/May/11
http://seclists.org/fulldisclosure/2019/May/10
https://lists.apache.org/thread.html/[email protected]%3Cdev.superset.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.drill.apache.org%3E
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
https://lists.apache.org/thread.html/[email protected]%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.pulsar.apache.org%3E
Source: MITRE
Published: 2018-07-13
Updated: 2021-07-22
Type: CWE-79
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8
Severity: MEDIUM