Base Score

MEDIUM5.6

CVE-2025-1647

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0.

VectorNETWORK

Published By36c7be3b-2937-45df-85ea-ca7133ea542c

Published DateMay 15, 2025, 17:15

Affected Versions(1)

bootstrap(npm)

IntroducedN/A

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
bootstrap(npm)	N/A	N/A	N/A

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.6

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW

References

Base Score

MEDIUM5.6

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.6

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW