Description In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. Remediation References CVE-2018-20677 Related Vulnerabilities Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-11589) Jboss EAP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-14900) WordPress Plugin Complianz-GDPR/CCPA Cookie Consent SQL Injection (6.3.3) WordPress Plugin Search 10 times faster with Elasticsearch or Apache Solr with lots of data-WPSOLR Cross-Site Scripting (8.6) WordPress Plugin Contextual Related Posts Multiple Vulnerabilities (3.3.1) Severity Medium Classification CVE-2018-20677 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities