npm›bootstrap-sass›CVE-2019-83316.1 MEDIUMImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')In Bootstrap, XSS is possible in the tooltip or popover data-template attribute.