CVE-2018-20676: Cross-site Scripting

January 9, 2019 (updated June 11, 2019)

In Bootstrap, XSS is possible in the tooltip data-viewport attribute.

References

github.com/twbs/bootstrap/issues/27044
github.com/twbs/bootstrap/issues/27915
nvd.nist.gov/vuln/detail/CVE-2018-20676

Detect and mitigate CVE-2018-20676 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →