CVE-2025-1647

MEDIUM Year: 2025
CVSS v3 Score
5.6
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0.

Related Vulnerabilities

CVE-2016-8924

MEDIUM
CVSS:5.6(Medium)

IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit thi...

CWE-792016

CVE-2021-3672

MEDIUM
CVSS:5.6(Medium)

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Dom...

CWE-792021

CVE-2022-3231

MEDIUM
CVSS:5.6(Medium)

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.

CWE-792022

CVE-2024-0640

MEDIUM
CVSS:5.6(Medium)

A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app...

CWE-792024

CVE-2025-1461

MEDIUM
CVSS:5.6(Medium)

Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component in Vuetify allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripti...

CWE-792025

CVE-2025-26158

MEDIUM
CVSS:5.6(Medium)

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to ex...

CWE-792025