PT-2025-21333 · Bootstrap+2

Johan Carlsson · Published 2025-05-15 · Updated 2026-04-03 · CVE-2025-1647

CVSS v3.1: 5.6 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Bootstrap versions 3.4.1 through 3.4.x
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows attackers to run malicious scripts. A DOM-based XSS flaw was found in Bootstrap 3 Tooltips & Popovers, which can be exploited via DOM clobbering, putting outdated applications at risk.
Recommendations: For Bootstrap versions 3.4.1 through 3.4.x, update to version 4.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of Bootstrap 3 Tooltips & Popovers until a patch is available. Restrict access to potentially vulnerable web pages to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-1647
DLA-4204-1
GHSA-Q58R-HWC8-RM9J

Affected Products

Astra Linux
Bootstrap
Debian