PT-2024-37660 · Bootstrap +3
Published: 2024-07-11 · Updated: 2025-06-05 · CVE-2024-6485
CVSS v3.1: 6.4 (Medium)
Base vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions:
bootstrap (affected versions not specified)
Description:
A security issue has been discovered that could enable Cross-Site Scripting (XSS) attacks. The issue is associated with the `data-loading-text` attribute of the button plugin. It can be exploited by injecting malicious JavaScript code into the attribute, which is then executed when the button's loading state is triggered.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration:
XSS
Related Identifiers
CVE-2024-6485
DLA-4124-1
GHSA-VXMC-5X29-H64V
USN-7556-1
Affected Products
Debian
Linuxmint
Ubuntu
Bootstrap
References:
- https://security-tracker.debian.org/tracker/CVE-2024-6485 · Vendor Advisory
- https://osv.dev/vulnerability/USN-7556-1 · Vendor Advisory
- https://ubuntu.com/security/CVE-2024-6485 · Vendor Advisory
- https://ubuntu.com/security/CVE-2024-6531 · Vendor Advisory
- https://osv.dev/vulnerability/CVE-2024-6485 · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6484 · Security Note
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6531 · Security Note
- https://security-tracker.debian.org/tracker/DLA-4124-1 · Vendor Advisory
- https://osv.dev/vulnerability/DLA-4124-1 · Vendor Advisory
- https://cve.org/CVERecord?id=CVE-2024-6485 · Security Note
- https://ubuntu.com/security/CVE-2024-6484 · Vendor Advisory
- https://security-tracker.debian.org/tracker/source-package/twitter-bootstrap3 · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-6485 · Security Note
- https://osv.dev/vulnerability/UBUNTU-CVE-2024-6485 · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6485 · Security Note