Bug 2297388 (CVE-2024-6485) - CVE-2024-6485 bootstrap: Cross-Site Scripting via button plugin on bootstrap
Summary: CVE-2024-6485 bootstrap: Cross-Site Scripting via button plugin on bootstrap
Keywords:
Status: NEW
Alias: CVE-2024-6485
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2328997 2328998 2350735
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-07-11 17:30 UTC by OSIDB Bzimport
Modified: 2026-04-30 04:00 UTC (History)
78 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2024-07-11 17:30:53 UTC 
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.
Note You need to log in before you can comment on or make changes to this bug.