Upgrade Bootstrap from v3 to v4
bow-fujita opened this issue · comments
CVE-2018-14041
Vulnerable versions: < 4.1.2
Patched version: 4.1.2
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.
Check out this SO article to migrate Glyphicons to FontAwesome.