Description In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. Remediation References CVE-2018-20676 Related Vulnerabilities PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1864) TYPO3 Inadequate Encryption Strength Vulnerability (CVE-2010-3670) Plone CMS Improper Input Validation Vulnerability (CVE-2013-4199) WordPress Plugin Easy Registration Forms CSV Injection (2.0.6) WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.17) Severity Medium Classification CVE-2018-20676 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities