Hi,

On Fri, 4 Oct 2024 17:19:21 +0200 Moritz Mühlenhoff <j...@inutil.org> wrote:
CVE-2024-6485[1]:
| A security vulnerability has been discovered in bootstrap that could
| enable Cross-Site Scripting (XSS) attacks. The vulnerability is
| associated with the data-loading-text attribute within the button
| plugin. This vulnerability can be exploited by injecting malicious
| JavaScript code into the attribute, which would then be executed
| when the button's loading state is triggered.

https://www.herodevs.com/vulnerability-directory/cve-2024-6485
Possible fix for CVE-2024-6485 (not CVE-2024-6484) in a bootstrap3 fork:
https://github.com/entreprise7pro/bootstrap/commit/769c032fd93d6f2c07599e096a736c5d09c041cf
(thanks Bastien for the pointer)

WDYT?

Cheers!
Sylvain Beucler
Debian LTS Team
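
A defender-side check for the issue described in the quoted advisory, as an added example that is not part of the original message or of the bootstrap project: it scans markup for `data-loading-text` values that still contain HTML after one round of entity decoding. The function names and the sample markup are constructed, and it assumes the button plugin inserts the attribute value as HTML.

```javascript
// Added example: flag data-loading-text values that carry markup.
// Assumption: the button plugin inserts the attribute value as HTML.

const NAMED = { lt: '<', gt: '>', quot: '"', amp: '&', apos: "'" };

// Turn a numeric character reference into a character, tolerating bad values.
function fromCode(n) {
  return n >= 0 && n <= 0x10ffff ? String.fromCodePoint(n) : '\uFFFD';
}

// One single-pass round of entity decoding, as the HTML parser performs before
// the plugin reads the attribute. Only references relevant to markup are handled.
function decodeEntities(s) {
  const ref = /&(?:#x([0-9a-f]+)|#(\d+)|(lt|gt|quot|amp|apos));/gi;
  return s.replace(ref, (m, hex, dec, name) => {
    if (hex) return fromCode(parseInt(hex, 16));
    if (dec) return fromCode(parseInt(dec, 10));
    return NAMED[name.toLowerCase()];
  });
}

// Return { line, value } for every data-loading-text whose decoded value
// contains "<", i.e. would be parsed as markup rather than shown as text.
function findRiskyLoadingText(html) {
  const attr = /data-loading-text\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const findings = [];
  for (const m of html.matchAll(attr)) {
    const value = decodeEntities(m[1] ?? m[2] ?? m[3]);
    if (value.includes('<')) {
      const line = html.slice(0, m.index).split('\n').length;
      findings.push({ line, value });
    }
  }
  return findings;
}

// Constructed sample templates, one element per line.
const sample = [
  '<button class="btn" data-loading-text="Saving...">Save</button>',
  '<button class="btn" data-loading-text="&lt;b&gt;Saving&lt;/b&gt;">Save</button>',
  "<a class='btn' data-loading-text='<i class=\"spin\"></i> Wait'>Go</a>",
  '<button data-loading-text="1 &amp;lt; 2">Compare</button>',
].join('\n');

console.log(findRiskyLoadingText(sample));
```

A finding is not proof of exploitability; it marks places where the attribute value should be checked for user-controlled input.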
