Launch Week Day 1: Announcing Security Design Review
Start for Free
MEDIUM 5.6 npm

Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components

GHSA-q58r-hwc8-rm9j · CVE-2025-1647

Published · Modified

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap version 3.4.1. At time of publication, there is no publicly available patched version.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes