Home > Vulnerability Database > CVE-2024-6485

Mend.io Vulnerability Database

CVE-2024-6485

Good to know:

Date: July 11, 2024

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.

Language: JS

Severity Score

6.4

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6485

Url: https://www.herodevs.com/vulnerability-directory/cve-2024-6485

Url: https://github.com/twbs/bootstrap

Url: https://www.mend.io/vulnerability-database/CVE-2024-6485

Severity Score

6.4

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version bootstrap - 4.0.0

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6485

Good to know:

Date: July 11, 2024

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?