Bootstrap Button Plugin Vulnerable to XSS Attacks
CVE-2024-6485

6.4MEDIUM

Key Information:

Vendor: Bootstrap
Status: Bootstrap; Bootstrap-sass
Vendor: CVE Published:; 11 July 2024

What is CVE-2024-6485?

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.

Affected Version(s)

Bootstrap 1.4.0 <= 3.4.1

bootstrap-sass 2.3.2 <= 3.4.3

References

https://www.herodevs.com/vulnerability-directory/cve-2024...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2024

Credit

CVE-2024-6485 Data

JSON