Red Hat JBossEAP: Cross-site Scripting (CVE-2025-1647)
Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0.. A security vulnerability has been identified in the Bootstrap framework. This flaw allows for the execution of arbitrary JavaScript code within a user's web browser. This can occur when user-supplied input is not properly sanitized during the generation of web pages utilizing Bootstrap components. Successful exploitation could enable attackers to perform a variety of client-side attacks, potentially leading to data theft, session hijacking, defacement, or other malicious activities within the context of the affected user's browser session.
Solution(s)
- red-hat-jboss-eap-upgrade-latest
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center