Description In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. Remediation References CVE-2018-14040 Related Vulnerabilities WordPress Plugin WP-Stats Multiple Vulnerabilities (2.51) WordPress Plugin Lazy SEO Arbitrary File Upload (1.3.2) WordPress Plugin Contact Form by Supsystic Multiple Vulnerabilities (1.7.5) WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-4894) WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Unspecified Vulnerability (3.4.27.1) Severity Medium Classification CVE-2018-14040 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities