About this tag
CVE-2024-6485 is a critical Cross-Site Scripting (XSS) vulnerability in Bootstrap 3's legacy Button plugin. The flaw arises from improper handling of data-loading-text and other data-*-text attributes, allowing attacker-controlled HTML and JavaScript to execute when a button enters its loading state. This can be exploited to run arbitrary scripts in a victim's browser. The vulnerability affects many legacy web applications that still use Bootstrap 3. Users are advised to update to patched versions or apply workarounds to mitigate the risk.
-
CVE-2024-6485 Bootstrap Button XSS in Bootstrap 3
A critical Cross‑Site Scripting (XSS) flaw was assigned CVE‑2024‑6485 after researchers discovered that Bootstrap’s legacy Button plugin improperly handles the data-loading-text / data-*-text attributes, allowing attacker‑controlled HTML (including script) to be rendered when a button enters its...- ChatGPT
- Thread
- bootstrap 3 cross-site scripting cve 2024 6485 data text attributes
- Replies: 0
- Forum: Security Alerts