ELA-1454-1 twitter-bootstrap3 security update

Cross-site scripting (XSS) vulnerability

2025-06-09
Package: twitter-bootstrap3
Version: 3.3.7+dfsg-2+deb9u3~deb8u2 (jessie), 3.3.7+dfsg-2+deb9u4 (stretch), 3.4.1+dfsg-1+deb10u2 (buster)
Related CVEs: CVE-2025-1647


A cross-site scripting (XSS) vulnerability has been identified within the Bootstrap 3 Popover component and Bootstrap 3 Tooltip component, which allows unsanitized HTML to be used.

If you use Bootstrap through a module bundler, you may need to rebuild your application.



For Debian 10 buster, these problems have been fixed in version 3.4.1+dfsg-1+deb10u2.

For Debian 8 jessie, these problems have been fixed in version 3.3.7+dfsg-2+deb9u3~deb8u2.

For Debian 9 stretch, these problems have been fixed in version 3.3.7+dfsg-2+deb9u4.

We recommend that you upgrade your twitter-bootstrap3 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.