
2673 matches found

Snyk
added 2024/07/11 5:40 p.m. · 3 views

Cross-site Scripting

Overview: org.webjars.bowergithub.jasny:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting through the data-loading-text attribute in the button component. An attacker can execute arbitrary...

6.4 CVSS · 5.6 AI score · 0.00494 EPSS
Exploits: 0 · References: 2
Snyk
added 2024/07/11 5:40 p.m. · 3 views

Cross-site Scripting

Overview: org.fujion.webjars:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting through the data-loading-text attribute in the button component. An attacker can execute arbitrary JavaScript code...

6.4 CVSS · 5.6 AI score · 0.00494 EPSS
Exploits: 0 · References: 2
OSV
added 2024/07/11 5:15 p.m. · 3 views

AZL-71317 CVE-2024-6485 affecting package reaper for versions less than 3.1.1-22

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

6.4 CVSS · 6.6 AI score · 0.00494 EPSS
Exploits: 0 · References: 1
NVD
added 2024/07/11 5:15 p.m. · 18 views

CVE-2024-6485

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

6.4 CVSS · 0.00494 EPSS
Exploits: 0 · References: 2
OSV
added 2024/07/11 5:15 p.m. · 11 views

CVE-2024-6485

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

6.4 CVSS · 6 AI score · 0.00494 EPSS
Exploits: 0 · References: 1
OSV
added 2024/07/11 5:15 p.m. · 1 view

DEBIAN-CVE-2024-6485

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

6.4 CVSS · 6.6 AI score · 0.00494 EPSS
Exploits: 0 · References: 1
OSV
added 2024/07/11 5:15 p.m. · 0 views

UBUNTU-CVE-2024-6485

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

6.4 CVSS · 6.6 AI score · 0.00494 EPSS
Exploits: 0 · References: 4
CVE
added 2024/07/11 5:08 p.m. · 134 views

CVE-2024-6485

CVE-2024-6485 is a Bootstrap XSS vulnerability in the button component’s data-loading-text attribute. Affected: Bootstrap 3.x (notably Bootstrap 3.x series); impact is cross-site scripting when the loading state is triggered. Mitigation: Debian LTS advisory indicates fixed in 3.4.1+dfsg-2+deb11u1...

6.4 CVSS · 6 AI score · 0.00494 EPSS
Exploits: 0 · References: 2
Debian CVE
added 2024/07/11 5:08 p.m. · 11 views

CVE-2024-6485

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

6.4 CVSS · 6.6 AI score · 0.00494 EPSS
Exploits: 0
Patchstack
added 2024/07/11 11:10 a.m. · 2 views

WordPress Download Button for Elementor plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Khalid (Patchstack Alliance) in WordPress Plugin Download Button for Elementor versions <= 1.2.1...

6.5 CVSS · 6.1 AI score · 0.00239 EPSS
Exploits: 0 · Affected Software: 1
OSSF Malicious Packages
added 2024/07/11 2:44 a.m. · 4 views

Malicious code in sap-button (npm)

Source: ossf-package-analysis (2afad02c98c4f6eb4d6616501b94fa8d0e753c27bc44db56cbda21007caff4f8). The OpenSSF Package Analysis project identified 'sap-button' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits: 0
OSV
added 2024/07/11 2:44 a.m. · 5 views

MAL-2024-7651 Malicious code in sap-button (npm)

Source: ossf-package-analysis (2afad02c98c4f6eb4d6616501b94fa8d0e753c27bc44db56cbda21007caff4f8). The OpenSSF Package Analysis project identified 'sap-button' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package...

7.3 AI score
Exploits: 0
Positive Technologies
added 2024/07/11 12:00 a.m. · 4 views

PT-2024-37660

Name of the Vulnerable Software and Affected Versions: bootstrap, affected versions not specified. Description: A security issue has been discovered that could enable Cross-Site Scripting (XSS) attacks. The issue is associated with the data-loading-text attribute within the button plugin. This can be...

6.4 CVSS · 6.8 AI score · 0.00494 EPSS
Exploits: 0 · References: 31
ATTACKERKB
added 2024/07/09 9:15 a.m. · 1 view

CVE-2024-5456

The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the 'selectedbutton' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...

8.8 CVSS · 6.5 AI score · 0.00866 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2024/07/09 12:00 a.m. · 1 view

PT-2024-36388 · WordPress · Panda Video

Name of the Vulnerable Software and Affected Versions: Panda Video plugin for WordPress versions up to, and including, 1.4.0 Description: The issue allows authenticated attackers with Contributor-level access and above to include and execute arbitrary files on the server via the selected button...

8.8 CVSS · 7.2 AI score · 0.00866 EPSS
Exploits: 0 · References: 7
OSV
added 2024/07/02 2:15 a.m. · 4 views

CVE-2024-5938

The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.4 CVSS · 5.9 AI score · 0.00308 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/07/02 2:02 a.m. · 13 views

CVE-2024-5938 Boot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4 CVSS · 5.8 AI score · 0.00308 EPSS
Exploits: 0 · References: 2
Patchstack
added 2024/07/02 1:56 a.m. · 4 views

WordPress Boot Store theme <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Boot Store versions <= 1.6.4...

6.4 CVSS · 5.8 AI score · 0.00308 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/07/02 12:00 a.m. · 4 views

PT-2024-37253 · WordPress · Boot Store

Name of the Vulnerable Software and Affected Versions: The Boot Store theme for WordPress versions up to, and including, 1.6.4 Description: The issue is related to Stored Cross-Site Scripting via the link parameter within the theme's Button shortcode due to insufficient input sanitization and...

6.4 CVSS · 6.3 AI score · 0.00308 EPSS
Exploits: 0 · References: 6
OSV
added 2024/06/29 7:15 a.m. · 2 views

CVE-2024-5666

The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4 CVSS · 5.9 AI score · 0.00372 EPSS
Exploits: 0 · References: 4