bootstrap 3

About this tag
The tag covers discussions about Bootstrap 3, a legacy front-end framework, with a focus on security vulnerabilities. A notable topic is CVE-2024-6485, a critical cross-site scripting (XSS) flaw in Bootstrap 3's Button plugin. This vulnerability allows attacker-controlled HTML to execute arbitrary JavaScript via improper handling of data-loading-text attributes. The tag includes troubleshooting and security updates related to Bootstrap 3, relevant for developers maintaining older web projects or migrating from Bootstrap 3 to newer versions.
  1. CVE-2024-6485 Bootstrap Button XSS in Bootstrap 3

    A critical Cross‑Site Scripting (XSS) flaw was assigned CVE‑2024‑6485 after researchers discovered that Bootstrap’s legacy Button plugin improperly handles the data-loading-text / data-*-text attributes, allowing attacker‑controlled HTML (including script) to be rendered when a button enters its...