Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/twitter-bootstrap3@3.4.1%2Bdfsg-3%2Bdeb12u1
purl pkg:deb/debian/twitter-bootstrap3@3.4.1%2Bdfsg-3%2Bdeb12u1
Next non-vulnerable version 3.4.1+dfsg-6
Latest non-vulnerable version 3.4.1+dfsg-6
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-m8sd-c588-mqbr
Aliases:
CVE-2025-1647
GHSA-q58r-hwc8-rm9j
Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap version 3.4.1. At time of publication, there is no publicly available patched version.
3.4.1+dfsg-6
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-5v1f-dupg-y7bc Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered. CVE-2024-6485
GHSA-vxmc-5x29-h64v
VCID-m8sd-c588-mqbr Bootstrap Vulnerable to Cross-Site Scripting in its Popover and Tooltip Components Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap version 3.4.1. At time of publication, there is no publicly available patched version. CVE-2025-1647
GHSA-q58r-hwc8-rm9j

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T11:27:26.534717+00:00 Debian Importer Affected by VCID-m8sd-c588-mqbr https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-15T22:12:33.712782+00:00 Debian Oval Importer Fixing VCID-5v1f-dupg-y7bc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:37:19.681171+00:00 Debian Oval Importer Fixing VCID-m8sd-c588-mqbr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-13T07:48:24.164979+00:00 Debian Importer Affected by VCID-m8sd-c588-mqbr https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T21:50:16.799859+00:00 Debian Oval Importer Fixing VCID-5v1f-dupg-y7bc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:20:00.631527+00:00 Debian Oval Importer Fixing VCID-m8sd-c588-mqbr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T21:27:50.816496+00:00 Debian Oval Importer Fixing VCID-5v1f-dupg-y7bc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:11:26.294292+00:00 Debian Importer Affected by VCID-m8sd-c588-mqbr https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T19:03:46.823545+00:00 Debian Oval Importer Fixing VCID-m8sd-c588-mqbr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0