A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.
History

Wed, 27 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Tue, 15 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Getbootstrap
Getbootstrap bootstrap
CPEs cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*
Vendors & Products Getbootstrap
Getbootstrap bootstrap
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: HeroDevs

Published: 2024-07-11T17:08:08.224Z

Updated: 2024-10-15T15:18:38.777Z

Reserved: 2024-07-03T16:54:39.173Z

Link: CVE-2024-6485

cve-icon Vulnrichment

Updated: 2024-08-01T21:41:03.397Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-11T17:15:17.240

Modified: 2024-11-21T09:49:43.863

Link: CVE-2024-6485

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-07-11T00:00:00Z

Links: CVE-2024-6485 - Bugzilla