Description
Cytrix has detected that the version of Bootstrap being used is vulnerable to Cross-site scripting (XSS).
Cross-site scripting (XSS) is possible through the collapse data-parent attribute. Also known as CVE-2018-14040.
This will allow the attacker to add and modify the data.
Severity/Score
CVSS Version 3.x – 6.1 Medium
Recommendation
To deal with CVE-2018-14040, update the version of the Bootstrap being used.
Make sure its version is 4.1.2 or higher.
Some claim that upgrading to version 3.4.1 would be enough. Depends on your personal choice.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14040