CVE-2025-1647 — Cross-site Scripting in Bootstrap

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

5.6MEDIUMNVD

EPSS

0.3%

top 47.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bootstrap Debian Twitter-bootstrap3 Debian Twitter-bootstrap4

Timeline

PublishedMay 15

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.4

Affected Packages3 packages

▶CVEListV5bootstrap/bootstrap3.4.1 — 4.0.0

▶debiandebian/twitter-bootstrap3< twitter-bootstrap3 3.4.1+dfsg-2+deb11u2 (bullseye)

▶debiandebian/twitter-bootstrap4< twitter-bootstrap3 3.4.1+dfsg-2+deb11u2 (bullseye)

🔴Vulnerability Details

GHSA

Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components↗2025-05-15

▶

OSV

Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components↗2025-05-15

▶

OSV

CVE-2025-1647: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XS↗2025-05-15

▶

📋Vendor Advisories

Red Hat

bootstrap: Bootstrap XSS Vulnerability↗2025-05-15

▶

Debian

CVE-2025-1647: twitter-bootstrap3 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site ...↗2025

▶