A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.
References
Configurations
No configuration.
History
21 Nov 2024, 09:49
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://www.herodevs.com/vulnerability-directory/cve-2024-6485 - |
11 Jul 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-11 17:15
Updated : 2024-11-21 09:49
NVD link : CVE-2024-6485
Mitre link : CVE-2024-6485
CVE.ORG link : CVE-2024-6485
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')