Browse all 3 CVE security advisories affecting Bootstrap. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bootstrap is a popular CSS framework for responsive web design, primarily used to create mobile-first front-end interfaces. Historically, vulnerabilities have included cross-site scripting (XSS) due to improper sanitization of user inputs and remote code execution (RCE) through insecure template implementations. The framework has also faced privilege escalation issues in certain configurations. While Bootstrap itself is generally secure when properly implemented, vulnerabilities often arise from misuse or integration with vulnerable third-party components. The three CVEs on record highlight potential risks in custom builds and improper handling of user-provided content, emphasizing the importance of secure implementation practices when using this widely adopted web development tool.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7508 | Bootstrap CMS Page Creation show.blade.php code injection — CMS (CWE-94) | 6.3 | Medium | 2026-04-30 |
| CVE-2025-1647 | XSS in Bootstrap title attribute for Tooltip and Popover — Bootstrap (CWE-79) | 5.6 | Medium | 2025-05-15 |
| CVE-2024-6485 | XSS in Bootstrap button component — Bootstrap (CWE-79) | 6.4 | Medium | 2024-07-11 |

This page lists every published CVE security advisory associated with Bootstrap. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.