Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-6485

Опубликовано: 11 июл. 2024
Источник: redhat
CVSS3: 6.4
EPSS Низкий

Описание

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.

A vulnerability was found in bootstrap associated with the data-loading-text attribute within the button plugin. This vulnerability allows malicious JavaScript code to be injected into the attribute, which is then executed when the button's loading state is triggered.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat AMQ Broker 7bootstrapFix deferred
Red Hat Build of KeycloakbootstrapNot affected
Red Hat Ceph Storage 4cephOut of support scope
Red Hat Ceph Storage 5cephOut of support scope
Red Hat Ceph Storage 6cephAffected
Red Hat Ceph Storage 7cephAffected
Red Hat Certification for Red Hat Enterprise Linux 7redhat-certificationAffected
Red Hat Enterprise Linux 10cephFix deferred
Red Hat Enterprise Linux 7firefoxAffected
Red Hat Enterprise Linux 8389-ds:1.4/389-ds-baseNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2297388bootstrap: Cross-Site Scripting via button plugin on bootstrap

EPSS

Процентиль: 35%
0.00139
Низкий

6.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-6485

CVSS3: 6.4
ubuntu
больше 1 года назад

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.

nvd логотип

CVE-2024-6485

CVSS3: 6.4
nvd
больше 1 года назад

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.

msrc логотип

CVE-2024-6485

CVSS3: 6.4
msrc
25 дней назад

XSS in Bootstrap button component

debian логотип

CVE-2024-6485

CVSS3: 6.4
debian
больше 1 года назад

A security vulnerability has been discovered in bootstrap that could e ...

github логотип

GHSA-vxmc-5x29-h64v

CVSS3: 6.4
github
больше 1 года назад

Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes

EPSS

Процентиль: 35%
0.00139
Низкий

6.4 Medium

CVSS3