Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Debian LTS: DLA-4204-1 critical: twitter-bootstrap3 XSS issue

debian lts
Calendar Grey June 1, 2025
Dist Debian Esm H88
A critical vulnerability detected in angular-js necessitates prompt security patches to protect web applications.
twitter-bootstrap3 a popular front end framework was affected by a vulnerability

Summary

A cross-site scripting (XSS) vulnerability
has been identified within the Bootstrap 3 Popover component and
Bootstrap 3 Tooltip component, which allows unsanitized HTML to be used.

If you use bootstrap through a module bundler, you may need to rebuild your
application.

For Debian 11 bullseye, this problem has been fixed in version
3.4.1+dfsg-2+deb11u2.

We recommend that you upgrade your twitter-bootstrap3 packages.

For the detailed security status of twitter-bootstrap3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/twitter-bootstrap3

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

Package: twitter-bootstrap3
Version: 3.4.1+dfsg-2+deb11u2
CVE ID: CVE-2025-1647
Debian Bug: 1105899

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here