Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the tooltip or popover data-template attribute.
Advisories for Npm/Bootstrap-Sass package
2019
In Bootstrap, XSS is possible in the tooltip or popover data-template attribute.