Bug 2297388 (CVE-2024-6485)

Summary: CVE-2024-6485 bootstrap: Cross-Site Scripting via button plugin on bootstrap
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: amctagga, aoconnor, asoldano, ataylor, bbaranow, bdettelb, bmaxwell, bniver, boliveir, brian.stansberry, caswilli, chazlett, darran.lofthouse, dhanak, dkreling, doconnor, dosoudil, drichtar, eglynn, ehelms, flucifre, ggainey, gmalinko, gmeno, gotiwari, gtanzill, ibek, istudens, ivassile, iweiss, janstey, jhorak, jjoyce, jkoops, jrokos, jschluet, juwatts, kaycoth, kverlaen, lhh, lsvaty, mbenjamin, mburns, mgarciac, mhackett, mhulan, mnovotny, mosmerov, msochure, msvehla, mvyas, nmoumoul, nwallace, pcreech, pdelbell, pdrozd, peholase, pesilva, pgrist, pjindal, pmackay, pskopek, rchan, rguimara, rhos-maint, rkieley, rmartinc, rowaters, rstancel, rstepani, smaestri, smallamp, sostapov, sthorger, teagle, tom.jenkinson, tpopela, vereddy
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in bootstrap associated with the data-loading-text attribute within the button plugin. This vulnerability allows malicious JavaScript code to be injected into the attribute, which is then executed when the button's loading state is triggered.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2328997, 2328998, 2350735
Bug Blocks:

Description OSIDB Bzimport 2024-07-11 17:30:53 UTC
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.
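
An audit for the pattern described above, as an added example (not code from this bug report or from the bootstrap project): it scans template source for `data-loading-text` values that would be parsed as markup. It assumes the button plugin inserts the attribute value into the button as HTML when the loading state is triggered; the function names and sample templates are constructed for illustration.

```javascript
// Added example: audit template source for data-loading-text values that
// become markup. Assumption: the button plugin inserts the attribute value
// into the button as HTML when the loading state is triggered.
const NAMED = new Map([['lt', '<'], ['gt', '>'], ['amp', '&'], ['quot', '"'], ['apos', "'"]]);

// Resolve the character references a browser decodes in an attribute value.
function decodeAttr(value) {
  return value.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (m, ref) => {
    if (ref[0] === '#') {
      const hex = ref[1] === 'x' || ref[1] === 'X';
      const code = parseInt(ref.slice(hex ? 2 : 1), hex ? 16 : 10);
      return code > 0 && code <= 0x10ffff ? String.fromCodePoint(code) : m;
    }
    const key = ref.toLowerCase();
    return NAMED.has(key) ? NAMED.get(key) : m;
  });
}

// One finding per data-loading-text attribute in the given HTML source.
function auditLoadingText(html) {
  const attr = /\bdata-loading-text\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const findings = [];
  for (const m of html.matchAll(attr)) {
    const raw = m[1] ?? m[2] ?? m[3];
    const decoded = decodeAttr(raw);
    // "<" followed by a letter, "/" or "!" opens a tag once parsed as HTML.
    findings.push({ raw, decoded, rendersMarkup: /<[a-z\/!]/i.test(decoded) });
  }
  return findings;
}

// Constructed sample templates (not taken from the bug report).
const SAMPLE = `
<button data-loading-text="Saving...">Save</button>
<button data-loading-text="<b>Saving</b>">Save</button>
<button data-loading-text="&lt;b&gt;Saving&lt;/b&gt;">Save</button>
<button data-loading-text="&amp;lt;b&amp;gt;Saving">Save</button>
`;

for (const f of auditLoadingText(SAMPLE)) {
  console.log(f.rendersMarkup ? 'MARKUP' : 'text  ', JSON.stringify(f.raw));
}
```

The third sample is flagged even though it is entity-encoded in the template: the browser decodes the attribute before the plugin reads it, so encoding the value once for the attribute context does not keep it from being parsed as HTML.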