Debian Twitter-Bootstrap4 vulnerabilities

CVE-2025-1647 [MEDIUM] CVE-2025-1647: twitter-bootstrap3 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site ... Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0. Scope: local bookworm: open bullseye: resolved (fixed in 3.4.1+dfsg-2+deb11u2) forky: resolved (fixed in 3.4.1+dfsg-5) sid: resolved (fixed in 3.4.1+

CVE-2024-6485 [MEDIUM] CVE-2024-6485: twitter-bootstrap3 - A security vulnerability has been discovered in bootstrap that could enable Cros... A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading

CVE-2019-8331 [MEDIUM] CVE-2019-8331: twitter-bootstrap3 - In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip... In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. Scope: local bookworm: resolved (fixed in 3.4.1+dfsg-1) bullseye: resolved (fixed in 3.4.1+dfsg-1) forky: resolved (fixed in 3.4.1+dfsg-1) sid: resolved (fixed in 3.4.1+dfsg-1) trixie: resolved (fixed in 3.4.1+dfsg-1)

CVE-2016-10735 [MEDIUM] CVE-2016-10735: twitter-bootstrap3 - In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible ... In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. Scope: local bookworm: resolved (fixed in 3.4.0+dfsg-1) bullseye: resolved (fixed in 3.4.0+dfsg-1) forky: resolved (fixed in 3.4.0+dfsg-1) sid: resolved (fixed in 3.4.0+dfsg-1) trixie: resolved (fix