CVE-2018-14042 (NVD)

2018-07-13

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Products: Bootstrap
Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
First patch: None (likely due to unavailable code)
Patches: https://github.com/twbs/bootstrap/pull/26630
Links:
https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E
https://github.com/twbs/bootstrap/issues/26423
http://seclists.org/fulldisclosure/2019/May/13
https://github.com/twbs/bootstrap/issues/26628
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E