Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap version 3.4.1. At time of publication, there is no publicly available patched version.

References

• https://nvd.nist.gov/vuln/detail/CVE-2025-1647
• https://www.herodevs.com/vulnerability-directory/cve-2025-1647
• https://lists.debian.org/debian-lts-announce/2025/06/msg00001.html