bootstrap is vulnerable to cross-site scripting (XSS) attacks. The attacks exist because the data-target
attribute uses user-supplied input which is then interpreted directly using standard HTML entities encoding.
access.redhat.com/errata/RHBA-2019:1076
access.redhat.com/errata/RHBA-2019:1570
access.redhat.com/errata/RHSA-2019:1456
access.redhat.com/errata/RHSA-2019:3023
access.redhat.com/errata/RHSA-2020:0132
access.redhat.com/errata/RHSA-2020:0133
blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/
github.com/twbs/bootstrap/issues/20184
github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
github.com/twbs/bootstrap/pull/23679
github.com/twbs/bootstrap/pull/23686
github.com/twbs/bootstrap/pull/23687
github.com/twbs/bootstrap/pull/26460