Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes
- Severity:
- Medium
Description
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin.
Recommendation
No fix is available yet. Followings are affected versions:
- >= 1.4.0, <= 3.4.1
References
- GHSA-vxmc-5x29-h64v
- www.herodevs.com
- lists.debian.org
- CVE-2024-6485
- CWE-79
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- Bootstrap Cross-Site Scripting (XSS) vulnerability - CVE-2024-6531
- VvvebJs Reflected Cross-Site Scripting (XSS) vulnerability - CVE-2024-29271
- ghtml Cross-Site Scripting (XSS) vulnerability - CVE-2024-37166
- vue-i18n has cross-site scripting vulnerability with prototype pollution (GHSA-9r9m-ffp6-9x4v) 4 - CVE-2024-52809
- Tags:
- npm
- bootstrap
Anything's wrong? Let us know Last updated on November 03, 2025