• Bug#1084060: twitter-bootstrap3: CVE-2024-6484 CVE-2024-6485

    From Sylvain Beucler@21:1/5 to jmm@inutil.org on Wed Apr 9 11:40:04 2025
    Hi,

    On Fri, 4 Oct 2024 17:19:21 +0200 Moritz Mühlenhoff <jmm@inutil.org> wrote:
    CVE-2024-6485[1]:
    | A security vulnerability has been discovered in bootstrap that could
    | enable Cross-Site Scripting (XSS) attacks. The vulnerability is
    | associated with the data-loading-text attribute within the button
    | plugin. This vulnerability can be exploited by injecting malicious
    | JavaScript code into the attribute, which would then be executed
    | when the button's loading state is triggered.

    https://www.herodevs.com/vulnerability-directory/cve-2024-6485
    Possible fix for CVE-2024-6485 (not CVE-2024-6484) in a bootstrap3 fork: https://github.com/entreprise7pro/bootstrap/commit/769c032fd93d6f2c07599e096a736c5d09c041cf
    (thanks Bastien for the pointer)

    WDYT?

    Cheers!
    Sylvain Beucler
    Debian LTS Team
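
The quoted CVE-2024-6485 description suggests a check to run over templates while the package is unpatched. The following is an added example, not part of the original message or of the bootstrap code base: it flags `data-loading-text` values that would be parsed as markup. It assumes the button plugin writes the value with jQuery `.html()` on non-`<input>` elements; `auditLoadingText`, `decodeEntities` and `SAMPLE` are hypothetical names, and the sample markup is constructed.

```javascript
// Added example: audit markup for data-loading-text values that would be parsed as HTML.
// Assumption: the button plugin writes the value with jQuery .html() on non-<input> elements.

const NAMED = { lt: '<', gt: '>', quot: '"', amp: '&', apos: "'" };
const codePoint = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '\ufffd');

// Decode character references once, as the browser does before the plugin reads
// the attribute. Covers numeric references and five named ones only.
function decodeEntities(s) {
  return s.replace(
    /&(?:#x([0-9a-f]{1,6})|#(\d{1,7})|(lt|gt|quot|amp|apos));/gi,
    (_, hex, dec, name) =>
      hex ? codePoint(parseInt(hex, 16))
        : dec ? codePoint(parseInt(dec, 10))
        : NAMED[name.toLowerCase()]
  );
}

// Matches double-quoted, single-quoted and unquoted attribute values.
const ATTR = /\bdata-loading-text\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

// Returns one finding per attribute: source line, decoded value, and whether
// the decoded value contains something an HTML parser would treat as a tag.
function auditLoadingText(html) {
  const findings = [];
  for (const m of html.matchAll(ATTR)) {
    const decoded = decodeEntities(m[1] ?? m[2] ?? m[3]);
    findings.push({
      line: html.slice(0, m.index).split('\n').length,
      decoded,
      risky: /<[a-z!\/?]/i.test(decoded),
    });
  }
  return findings;
}

// Constructed sample template (not taken from any real application).
const SAMPLE = [
  '<button class="btn" data-loading-text="Saving...">Save</button>',
  '<button class="btn" data-loading-text="<b>Saving</b>">Save</button>',
  "<button class='btn' data-loading-text='&lt;i&gt;Wait&lt;/i&gt;'>Go</button>",
  '<button class="btn" data-loading-text="Tom &amp; Jerry &amp;lt;3">Go</button>',
].join('\n');

console.log(auditLoadingText(SAMPLE).filter((f) => f.risky));
```

The audit covers static markup only; attribute values assembled at runtime from user-controlled input need the same check at the point where they are set.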
