A flaw was found in Bootstrap from version 4.0 and before 4.1.2. Cross-site scripting (XSS) is possible in the data-target property of scrollspy.
References: https://github.com/twbs/bootstrap/issues/26627
Upstream Patch: https://github.com/twbs/bootstrap/pull/26630
Bootstrap 3.3.7 is not affected by this flaw.
This issue has been addressed in the following products: Red Hat Single Sign-On 7.3.2 zip Via RHSA-2019:1456 https://access.redhat.com/errata/RHSA-2019:1456
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2023:0553 https://access.redhat.com/errata/RHSA-2023:0553
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2023:0552 https://access.redhat.com/errata/RHSA-2023:0552
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Via RHSA-2023:0554 https://access.redhat.com/errata/RHSA-2023:0554
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2023:0556 https://access.redhat.com/errata/RHSA-2023:0556
Created qpid-dispatch tracking bugs for this issue: Affects: openstack-rdo [bug 2183421]
Created zuul tracking bugs for this issue: Affects: fedora-all [bug 2183418]
This issue has been addressed in the following products: Red Hat Ceph Storage 6.1 Via RHSA-2023:5693 https://access.redhat.com/errata/RHSA-2023:5693