DEBIAN-CVE-2024-6485

DEBIAN-CVE-2024-6485 PUBLISHED CVSS 6.400000095367432 MEDIUM

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.

Risk Scores

CVSS 3.1

6.400000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

Affected Products

Vendor	Product	Versions
Debian:14	twitter-bootstrap3	0, 0
Debian:12	twitter-bootstrap3	0, 3.4.1+dfsg-3, 0
Debian:13	twitter-bootstrap3	0, 0
Debian:11	twitter-bootstrap3	0, *, 0

Exploit Intelligence

A poc for Bootstrap XSS(CVE-2024-6485、CVE-2016-10735、CVE-2019-8331、CVE-2018-14040) (github-poc-repo)
A poc for Bootstrap XSS(CVE-2024-6485、CVE-2016-10735、CVE-2019-8331、CVE-2018-14040) (github-poc)
rsshub-cross-site-scripting-vulnerability-caused-by-internal-media-proxy.html (github-poc)
cve_db.json (github-poc)

Timeline

Jul 11, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-6485 advisory

Open in Interactive Console →