Description
Cytrix has detected that the version of Bootstrap being used is vulnerable to Cross-site scripting (XSS).
Cross-site scripting (XSS) is possible through the tooltip data-viewport attribute. Also known as CVE-2018-20676.
This will allow the attacker to add and modify the data.
Severity/Score
CVSS Version 3.x – 6.1 Medium
Recommendation
To prevent CVE-2018-20676, update the version of the Bootstrap being used.
Make sure its version is 3.4.0 or higher.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676