CVE-2025-1647

Опубликовано: 15 мая 2025

Источник: redhat

CVSS3: 5.6

Описание

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0.

A security vulnerability has been identified in the Bootstrap framework. This flaw allows for the execution of arbitrary JavaScript code within a user's web browser. This can occur when user-supplied input is not properly sanitized during the generation of web pages utilizing Bootstrap components. Successful exploitation could enable attackers to perform a variety of client-side attacks, potentially leading to data theft, session hijacking, defacement, or other malicious activities within the context of the affected user's browser session.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Ceph Storage 4	ceph	Fix deferred
Red Hat Ceph Storage 5	ceph	Fix deferred
Red Hat Ceph Storage 6	ceph	Fix deferred
Red Hat Ceph Storage 7	ceph	Fix deferred
Red Hat Ceph Storage 8	ceph	Fix deferred
Red Hat Certification for Red Hat Enterprise Linux 7	redhat-certification	Fix deferred
Red Hat Enterprise Linux 10	ceph	Fix deferred
Red Hat Enterprise Linux 10	dotnet9.0	Fix deferred
Red Hat Enterprise Linux 8	389-ds:1.4/389-ds-base	Fix deferred
Red Hat Enterprise Linux 8	cockpit	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=2366608bootstrap: Bootstrap XSS Vulnerability

5.6 Medium

CVSS3

Связанные уязвимости

CVE-2025-1647

CVSS3: 5.6

ubuntu

8 месяцев назад

CVE-2025-1647

CVSS3: 5.6

nvd

8 месяцев назад

CVE-2025-1647

CVSS3: 5.6

debian

8 месяцев назад

Improper Neutralization of Input During Web Page Generation (XSS or 'C ...

GHSA-q58r-hwc8-rm9j

CVSS3: 5.6

github

8 месяцев назад

Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components

5.6 Medium

CVSS3