Advisories for Npm/Bootstrap package

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

In Bootstrap, XSS is possible in the tooltip data-viewport attribute.

In Bootstrap, XSS is possible in the affix configuration target property.

In Bootstrap, XSS is possible in the collapse data-parent attribute.

In Bootstrap, XSS is possible in the data-target property of scrollspy.

In Bootstrap, XSS is possible in the data-container property of tooltip.