cve 2024 6485
About this tag
CVE-2024-6485 is a critical Cross-Site Scripting (XSS) vulnerability in Bootstrap 3's legacy Button plugin. The flaw arises from improper handling of data-loading-text and other data-*-text attributes, allowing attacker-controlled HTML and JavaScript to execute when a button enters its loading state. This can be exploited to run arbitrary scripts in a victim's browser. The vulnerability affects many legacy web applications that still use Bootstrap 3. Users are advised to update to patched versions or apply workarounds to mitigate the risk.
A critical Cross-Site Scripting (XSS) flaw was assigned CVE-2024-6485 after researchers discovered that Bootstrap’s legacy Button plugin improperly handles the data-loading-text / data-*-text attributes, allowing attacker-controlled HTML (including script) to be rendered when a button enters its...