A flaw was found in Bootstrap before 3.4.0. XSS is possible in the tooltip data-viewport attribute.
Created python-XStatic-Bootstrap-SCSS tracking bugs for this issue:
Affects: epel-7 [bug 1668083]
Affects: fedora-all [bug 1668084]
Affects: openstack-rdo [bug 1668086]
Created rubygem-bootstrap-sass tracking bugs for this issue:
Affects: fedora-all [bug 1668085]
Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.
This issue has been addressed in the following products:
Red Hat Single Sign-On 7.3.2 zip
Via RHSA-2019:1456 https://access.redhat.com/errata/RHSA-2019:1456