Description
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
Remediation
References
Related Vulnerabilities
WordPress Plugin TagNinja 'id' Parameter Cross-Site Scripting (1.0)
WordPress Plugin eShop Code Injection (6.3.11)
WordPress Plugin Subscribe2 Multiple Cross-Site Scripting Vulnerabilities (8.1)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9855)
WordPress Improper Input Validation Vulnerability (CVE-2017-1000600)