A flaw was found in Bootstrap from version 4.0 and before 4.1.2. A Cross-site Scripting (XSS) is possible in the data-target property of scrollspy.
bootstrap 3.3.7 is not affected by this flaw.
This issue has been addressed in the following products:
Red Hat Single Sign-On 7.3.2 zip
Via RHSA-2019:1456 https://access.redhat.com/errata/RHSA-2019:1456