Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/twitter-bootstrap3@3.4.1%2Bdfsg-2

Type deb

Namespace debian

Name twitter-bootstrap3

Version 3.4.1+dfsg-2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.4.1+dfsg-6

Latest_non_vulnerable_version 3.4.1+dfsg-6

Affected_by_vulnerabilities

url VCID-5v1f-dupg-y7bc

vulnerability_id VCID-5v1f-dupg-y7bc

summary

Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6485.json

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6485.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-6485

reference_id

reference_type

scores

value	0.00135
scoring_system	epss
scoring_elements	0.33195
published_at	2026-04-18T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33217
published_at	2026-04-16T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33176
published_at	2026-04-13T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.332
published_at	2026-04-12T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.3324
published_at	2026-04-11T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.3397
published_at	2026-04-21T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34084
published_at	2026-04-02T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34115
published_at	2026-04-04T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.33975
published_at	2026-04-07T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34018
published_at	2026-04-08T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34049
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-6485

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6485
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6485

reference_url

https://github.com/twbs/bootstrap

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/twbs/bootstrap

reference_url

https://lists.debian.org/debian-lts-announce/2025/04/msg00020.html

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/04/msg00020.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-6485

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-6485

reference_url

https://www.herodevs.com/vulnerability-directory/cve-2024-6485

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-11T18:49:37Z/

url

https://www.herodevs.com/vulnerability-directory/cve-2024-6485

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084060
reference_id	1084060
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084060

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2297388
reference_id	2297388
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2297388

reference_url

https://github.com/advisories/GHSA-vxmc-5x29-h64v

reference_id

GHSA-vxmc-5x29-h64v

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vxmc-5x29-h64v

reference_url	https://usn.ubuntu.com/7556-1/
reference_id	USN-7556-1
reference_type
scores
url	https://usn.ubuntu.com/7556-1/

fixed_packages

url pkg:deb/debian/twitter-bootstrap3@3.4.1%2Bdfsg-3%2Bdeb12u1

purl pkg:deb/debian/twitter-bootstrap3@3.4.1%2Bdfsg-3%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m8sd-c588-mqbr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/twitter-bootstrap3@3.4.1%252Bdfsg-3%252Bdeb12u1

aliases CVE-2024-6485, GHSA-vxmc-5x29-h64v

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5v1f-dupg-y7bc

url VCID-m8sd-c588-mqbr

vulnerability_id VCID-m8sd-c588-mqbr

summary

Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap version 3.4.1. At time of publication, there is no publicly available patched version.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1647.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1647.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1647

reference_id

reference_type

scores

value	0.00296
scoring_system	epss
scoring_elements	0.5297
published_at	2026-04-21T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52886
published_at	2026-04-02T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52911
published_at	2026-04-04T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.5288
published_at	2026-04-07T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52931
published_at	2026-04-08T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52924
published_at	2026-04-09T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52974
published_at	2026-04-11T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52958
published_at	2026-04-12T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52942
published_at	2026-04-13T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52979
published_at	2026-04-16T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52986
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1647

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1647
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1647

reference_url

https://github.com/twbs/bootstrap

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/twbs/bootstrap

reference_url

https://lists.debian.org/debian-lts-announce/2025/06/msg00001.html

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/06/msg00001.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-1647

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-1647

reference_url

https://www.herodevs.com/vulnerability-directory/cve-2025-1647

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T20:03:33Z/

url

https://www.herodevs.com/vulnerability-directory/cve-2025-1647

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105899
reference_id	1105899
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105899

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2366608
reference_id	2366608
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2366608

reference_url

https://github.com/advisories/GHSA-q58r-hwc8-rm9j

reference_id

GHSA-q58r-hwc8-rm9j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q58r-hwc8-rm9j

fixed_packages

url pkg:deb/debian/twitter-bootstrap3@3.4.1%2Bdfsg-3%2Bdeb12u1

purl pkg:deb/debian/twitter-bootstrap3@3.4.1%2Bdfsg-3%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m8sd-c588-mqbr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/twitter-bootstrap3@3.4.1%252Bdfsg-3%252Bdeb12u1

url	pkg:deb/debian/twitter-bootstrap3@3.4.1%2Bdfsg-6
purl	pkg:deb/debian/twitter-bootstrap3@3.4.1%2Bdfsg-6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/twitter-bootstrap3@3.4.1%252Bdfsg-6

aliases CVE-2025-1647, GHSA-q58r-hwc8-rm9j

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m8sd-c588-mqbr

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/twitter-bootstrap3@3.4.1%252Bdfsg-2

Package Instance