Source: twitter-bootstrap3
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,

The following vulnerabilities were published for twitter-bootstrap3.

CVE-2024-6484[0]:
| A vulnerability has been identified in Bootstrap that exposes users
| to Cross-Site Scripting (XSS) attacks. The issue is present in the
| carousel component, where the data-slide and data-slide-to
| attributes can be exploited through the href attribute of an <a> tag
| due to inadequate sanitization. This vulnerability could potentially
| enable attackers to execute arbitrary JavaScript within the victim's
| browser.

https://www.herodevs.com/vulnerability-directory/cve-2024-6484

CVE-2024-6485[1]:
| A security vulnerability has been discovered in bootstrap that could
| enable Cross-Site Scripting (XSS) attacks. The vulnerability is
| associated with the data-loading-text attribute within the button
| plugin. This vulnerability can be exploited by injecting malicious
| JavaScript code into the attribute, which would then be executed
| when the button's loading state is triggered.

https://www.herodevs.com/vulnerability-directory/cve-2024-6485

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-6484
    https://www.cve.org/CVERecord?id=CVE-2024-6484
[1] https://security-tracker.debian.org/tracker/CVE-2024-6485
    https://www.cve.org/CVERecord?id=CVE-2024-6485

Please adjust the affected versions in the BTS as needed.
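The attribute-handling checks a maintainer reviewing the carousel and button plugins would want, as an added example that is neither Bootstrap's code nor part of this report; every function name is an assumption, and the element objects are constructed stand-ins for HTMLElements.

```javascript
// Added defensive example; not Bootstrap's code and not part of this report.
// It shows how each of the attributes named in the two CVEs can be constrained
// to the only values the plugin legitimately needs.

// Carousel-style plugins take their target from an <a>'s href ("#myCarousel").
// Accept only a bare fragment naming a well-formed id; anything else (markup,
// selector syntax, a full URL) is rejected rather than passed to a selector
// engine or written into the page.
const SAFE_FRAGMENT = /^#[A-Za-z][\w-]*$/;

function safeTargetSelector(href) {
  if (typeof href !== 'string') return null;
  const value = href.trim();
  return SAFE_FRAGMENT.test(value) ? value : null;
}

// data-slide-to must be a non-negative integer slide index, never free text.
function safeSlideIndex(raw) {
  if (typeof raw !== 'string' || !/^\d+$/.test(raw.trim())) return null;
  return parseInt(raw, 10);
}

// data-slide may only be one of the two direction keywords the carousel uses.
function safeSlideDirection(raw) {
  return raw === 'next' || raw === 'prev' ? raw : null;
}

// data-loading-text is user-facing text, not markup: assign it through
// textContent (or value for <input>), never through innerHTML, so tags and
// event-handler attributes inside the string are displayed literally.
function applyLoadingText(button, loadingText) {
  // `button` is an element-like object; in a browser it is an HTMLElement.
  if (button.tagName === 'INPUT') {
    button.value = loadingText;
  } else {
    button.textContent = loadingText;
  }
  return button;
}
```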