Bootstrap Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2018-20676
In Bootstrap before 3.4.0 XSS is possible in the tooltip data-viewport attribute.
In Bootstrap before 3.4.0 XSS is possible in the tooltip data-viewport attribute.