CVE-2018-14042 – bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
https://notcve.org/view.php?id=CVE-2018-14042
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. En Bootstrap en versiones anteriores a la 4.1.2, es posible Cross-Site Scripting (XSS) en la propiedad data-container de tooltip. • https://github.com/ossf-cve-benchmark/CVE-2018-14042 https://github.com/Snorlyd/https-nj.gov---CVE-2018-14042 http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html http://seclists.org/fulldisclosure/2019/May/10 http://seclists.org/fulldisclosure/2019/May/11 http://seclists.org/fulldisclosure/2019/May/13 https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2 https://github.com/twbs/bootstrap/issues/26423 https://github.com/twbs/bootstrap/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •