GHSA-Q58R-HWC8-RM9J Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bootstrap allows Cross-Site Scripting XSS. This issue affects Bootstrap version 3.4.1. At time of publication, there is no publicly available patched version...

Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bootstrap allows Cross-Site Scripting XSS. This issue affects Bootstrap version 3.4.1. At time of publication, there is no publicly available patched version...

DEBIAN-CVE-2025-1647

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bootstrap allows Cross-Site Scripting XSS.This issue affects Bootstrap: from 3.4.1 before 4.0.0...

CVE-2025-1647

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bootstrap allows Cross-Site Scripting XSS.This issue affects Bootstrap: from 3.4.1 before 4.0.0...

CVE-2025-1647

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bootstrap allows Cross-Site Scripting XSS.This issue affects Bootstrap: from 3.4.1 before 4.0.0...

UBUNTU-CVE-2025-1647

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bootstrap allows Cross-Site Scripting XSS.This issue affects Bootstrap: from 3.4.1 before 4.0.0...

Cross-site Scripting (XSS)

Overview org.webjars:bootstrap is a WebJar for Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page generation. An attacker can manipulate the output of web pages by...

de.digitalcollections:iiif-bookshelf-webapp (>=3.1.1 <=4.0.0), net.aequologica.neo:dagr-vebchar (=0.5.2-alpha) +43 more potentially affected by CVE-2025-1647 via org.webjars.npm:bootstrap (>=3.4.1 <=4.0.0-beta.3)

org.webjars.npm:bootstrap MAVEN version =3.4.1, =3.1.1, =1.0.5, =1.0.4, =0.1.0, =0.5.0 - org.webjars.npm:bootstrap-print =3.1.2 - org.webjars.npm:bootstrap-social =5.1.1 - org.webjars.npm:bootstrap-sweetalert =1.0.1 - org.webjars.npm:bootstrap-tour =0.12.0 -...

com.adrianhurt:play-bootstrap_2.10 (>=1.0-P24-B4 <=1.1.1-P24-B4), com.adrianhurt:play-bootstrap_2.11 (>=1.0-P24-B4 <=1.1.1-P25-B4) +44 more potentially affected by CVE-2025-1647 via org.webjars:bootstrap (>=3.4.1 <=4.0.0-2)

org.webjars:bootstrap MAVEN version =3.4.1, =1.0-P24-B4, =1.0-P24-B4, =2.3.2.RELEASE, =2.3.2.RELEASE, =2.3.2.RELEASE, =2.3.2.RELEASE, =2.3.2.RELEASE, =2.3.2.RELEASE, =2.3.8.RELEASE, =4.2.11, =2.5.0, =2.5.4 and more Source cves: CVE-2025-1647 Source advisory: SNYK:JAVA-ORGWEBJARS-10176068...

cn.jbone:jbone-ui (=1.0.0), io.springlets:springlets-boot-starter-web (>=1.2.0.RC2 <=1.2.0.RELEASE) +56 more potentially affected by CVE-2025-1647 via org.webjars.bower:bootstrap (>=3.4.1 <=4.0.0-beta.3)

org.webjars.bower:bootstrap MAVEN version =3.4.1, =1.2.0.RC2, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.1 and more Source cves: CVE-2025-1647 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-10176070...

org.activecomponents.jadex:jadex-distribution-standard (>=4.0.244 <=4.0.267), org.activecomponents.jadex:jadex-tools-runtimetools-web (>=4.0.244 <=4.0.267) +11 more potentially affected by CVE-2025-1647 via org.webjars.bowergithub.twbs:bootstrap (>=3.4.1 <=4.0.0-beta.3)

org.webjars.bowergithub.twbs:bootstrap MAVEN version =3.4.1, =4.0.244, =4.0.244, =2.4.0, =1.3.0, =1.3.1 Source cves: CVE-2025-1647 Source advisory: SNYK:JAVA-ORGWEBJARSBOWERGITHUBTWBS-10176069...

Cross-site Scripting (XSS)

Overview org.webjars.bowergithub.twbs:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page...

Cross-site Scripting (XSS)

Overview org.webjars.bower:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page generation. An...

Cross-site Scripting (XSS)

Overview org.webjars.npm:bootstrap is a WebJar for bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page generation. An attacker can manipulate the output of web pages ...

CVE-2025-1647

CVE-2025-1647 is an XSS vulnerability in Bootstrap affecting 3.4.1 up to 4.0.0, due to improper input neutralization in the Popover and Tooltip components. Several sources confirm affected versions and public advisories (Debian DLA-4204-1, GHSA advisory, Debian security tracker, and CVE records)....

CVE-2025-1647 XSS in Bootstrap title attribute for Tooltip and Popover

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bootstrap allows Cross-Site Scripting XSS.This issue affects Bootstrap: from 3.4.1 before 4.0.0...

CVE-2025-1647 XSS in Bootstrap title attribute for Tooltip and Popover

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bootstrap allows Cross-Site Scripting XSS.This issue affects Bootstrap: from 3.4.1 before 4.0.0...

CVE-2025-1647

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bootstrap allows Cross-Site Scripting XSS.This issue affects Bootstrap: from 3.4.1 before 4.0.0...

CVE-2025-47204

An issue was discovered in post.php in bootstrap-multiselect aka Bootstrap Multiselect 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability...

WordPress plugin Twitter Bootstrap Collapse aka Accordian Shortcode 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Twitter Bootstrap Collapse ak...