A flaw was found in Bootstrap before 3.4.0. XSS is possible in the affix configuration target property.
Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.
This issue has been addressed in the following products:
Red Hat Single Sign-On 7.3.2 zip
Via RHSA-2019:1456 https://access.redhat.com/errata/RHSA-2019:1456