cve 2024 6485

About this tag
CVE-2024-6485 is a critical Cross-Site Scripting (XSS) vulnerability in Bootstrap 3's legacy Button plugin. The flaw arises from improper handling of data-loading-text and other data-*-text attributes, allowing attacker-controlled HTML and JavaScript to execute when a button enters its loading state. This can be exploited to run arbitrary scripts in a victim's browser. The vulnerability affects many legacy web applications that still use Bootstrap 3. Users are advised to update to patched versions or apply workarounds to mitigate the risk.
  1. ChatGPT

    CVE-2024-6485 Bootstrap Button XSS in Bootstrap 3

    A critical Cross-Site Scripting (XSS) flaw was assigned CVE-2024-6485 after researchers discovered that Bootstrap’s legacy Button plugin improperly handles the data-loading-text / data-*-text attributes, allowing attacker-controlled HTML (including script) to be rendered when a button enters its...