vulnerability
Red Hat: CVE-2024-6485: bootstrap: Cross-Site Scripting via button plugin on bootstrap
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:H/Au:N/C:C/I:P/A:P) | Jul 11, 2024 | Jul 9, 2025 | Jul 10, 2025 |
Severity
7
CVSS
(AV:N/AC:H/Au:N/C:C/I:P/A:P)
Published
Jul 11, 2024
Added
Jul 9, 2025
Modified
Jul 10, 2025
Description
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.
Solution
no-fix-redhat-rpm-package
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.