---
gem: bootstrap-sass
cve: 2019-8331
url: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/
title: XSS vulnerability in bootstrap-sass
date: 2019-02-15

description: |
  In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible
  in the tooltip or popover data-template attribute.

cvss_v2: 4.3
cvss_v3: 6.1

patched_versions:
  - '>= 3.4.1'

related:
  url:
    - https://github.com/twbs/bootstrap-sass/releases/tag/v3.4.1