2351 matches found
Cross-site Scripting (XSS)
Overview: org.webjars:bootstrap is a WebJar for Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Tooltip and Popover components due to improper neutralization of input during web page generation. An attacker can manipulate the output of web pages by...
de.digitalcollections:iiif-bookshelf-webapp (>=3.1.1 <=4.0.0), net.aequologica.neo:dagr-vebchar (=0.5.2-alpha) +43 more potentially affected by CVE-2025-1647 via org.webjars.npm:bootstrap (>=3.4.1 <=4.0.0-beta.3)
org.webjars.npm:bootstrap MAVEN version =3.4.1, =3.1.1, =1.0.5, =1.0.4, =0.1.0, =0.5.0 - org.webjars.npm:bootstrap-print =3.1.2 - org.webjars.npm:bootstrap-social =5.1.1 - org.webjars.npm:bootstrap-sweetalert =1.0.1 - org.webjars.npm:bootstrap-tour =0.12.0 -...
Cross-site Scripting (XSS)
Overview: org.webjars.npm:bootstrap is a WebJar for bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Tooltip and Popover components due to improper neutralization of input during web page generation. An attacker can manipulate the output of web pages ...
org.activecomponents.jadex:jadex-distribution-standard (>=4.0.244 <=4.0.267), org.activecomponents.jadex:jadex-tools-runtimetools-web (>=4.0.244 <=4.0.267) +11 more potentially affected by CVE-2025-1647 via org.webjars.bowergithub.twbs:bootstrap (>=3.4.1 <=4.0.0-beta.3)
org.webjars.bowergithub.twbs:bootstrap MAVEN version =3.4.1, =4.0.244, =4.0.244, =2.4.0, =1.3.0, =1.3.1 Source cves: CVE-2025-1647 Source advisory: SNYK:JAVA-ORGWEBJARSBOWERGITHUBTWBS-10176069...
CVE-2025-1647 XSS in Bootstrap title attribute for Tooltip and Popover
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before 4.0.0...
CVE-2025-1647
CVE-2025-1647 is an XSS vulnerability in Bootstrap affecting 3.4.1 up to 4.0.0, due to improper input neutralization in the Popover and Tooltip components. Several sources confirm affected versions and public advisories (Debian DLA-4204-1, GHSA advisory, Debian security tracker, and CVE records)....
CVE-2025-1647
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before 4.0.0...
CVE-2025-47204
An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability...
Bootstrap security vulnerability
Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript by Bootstrap Inc. A security vulnerability exists in Bootstrap versions prior to 3.4.1 through 4.0.0 that stems from improper input neutralization and could lead to a cross-site scripting attack...
PT-2025-21333
Name of the Vulnerable Software and Affected Versions: Bootstrap versions 3.4.1 through 3.4.x Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows attackers to run malicious scripts. A DOM-based XSS...
WordPress plugin Twitter Bootstrap Collapse aka Accordian Shortcode security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Twitter Bootstrap Collapse ak...
PT-2025-21431 · WordPress · Twitter Bootstrap Collapse Aka Accordian Shortcode
Name of the Vulnerable Software and Affected Versions: Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin versions 1.0 and earlier Description: The issue concerns the Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin, which does not properly validate and escape...
CVE-2021-26291 affecting package javapackages-bootstrap for versions less than 1.5.0-6
CVE-2021-26291 affecting package javapackages-bootstrap for versions less than 1.5.0-6. A patched version of the package is available...
@dfeidao/fd-w000005 (>=4.6.201905201058 <=4.6.201907081013), @dfeidao/widgets (>=4.5.201903181201 <=4.6.201905131523) +16 more potentially affected by CVE-2025-47204 via bootstrap-multiselect (>=0.9.13-1 <=1.1.2)
bootstrap-multiselect NPM version =0.9.13-1, =4.6.201905201058, =4.5.201903181201, =1.0.0, =3.0.201812052008, =1.0.0, =2.0.0, =0.1.0, =0.0.3, =1.0.7-1, =1.1.4, =1.2.1, =1.2.2, =0.0.2, =1.0.0 and more Source cves: CVE-2025-47204 Source advisory: OSV:GHSA-GV5R-9GXR-V74W...
Bootstrap Multiselect Vulnerable to CSRF and Reflective XSS via Arbitrary POST Data
An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability...
Cross-site Scripting (XSS)
Overview: org.webjars.bower:bootstrap-multiselect is a JQuery multiselect plugin based on Twitter Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the post.php script. An attacker can execute scripts in the context of the user's browser session by...
Cross-site Scripting (XSS)
Overview: org.webjars.npm:bootstrap-multiselect is a JQuery multiselect plugin based on Twitter Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the post.php script. An attacker can execute scripts in the context of the user's browser session by sendi...
Cross-site Scripting (XSS)
Overview: org.webjars:bootstrap-multiselect is a JQuery multiselect plugin based on Twitter Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the post.php script. An attacker can execute scripts in the context of the user's browser session by sending...
Cross-site Scripting (XSS)
Overview: org.webjars.bowergithub.davidstutz:bootstrap-multiselect is a JQuery multiselect plugin based on Twitter Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the post.php script. An attacker can execute scripts in the context of the user's brows...