{ "threat_severity" : "Moderate", "public_date" : "2024-07-11T00:00:00Z", "bugzilla" : { "description" : "bootstrap: Cross-Site Scripting via button plugin on bootstrap", "id" : "2297388", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2297388" }, "cvss3" : { "cvss3_base_score" : "6.4", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L", "status" : "verified" }, "cwe" : "CWE-79", "details" : [ "A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.", "A vulnerability was found in bootstrap associated with the data-loading-text attribute within the button plugin. This vulnerability allows malicious JavaScript code to be injected into the attribute, which is then executed when the button's loading state is triggered." ], "affected_release" : [ { "product_name" : "Discovery 1 for RHEL 9", "release_date" : "2025-02-10T00:00:00Z", "advisory" : "RHSA-2025:1249", "cpe" : "cpe:/o:redhat:discovery:1.0::el9", "package" : "discovery/discovery-server-rhel9:1.12.0-1" }, { "product_name" : "Discovery 1 for RHEL 9", "release_date" : "2025-02-10T00:00:00Z", "advisory" : "RHSA-2025:1249", "cpe" : "cpe:/o:redhat:discovery:1.0::el9", "package" : "discovery/discovery-ui-rhel9:1.12.0-1" } ], "package_state" : [ { "product_name" : "Red Hat AMQ Broker 7", "fix_state" : "Fix deferred", "package_name" : "bootstrap", "cpe" : "cpe:/a:redhat:amq_broker:7" }, { "product_name" : "Red Hat Build of Keycloak", "fix_state" : "Not affected", "package_name" : "bootstrap", "cpe" : "cpe:/a:redhat:build_keycloak:" }, { "product_name" : "Red Hat Ceph Storage 4", "fix_state" : "Out of support scope", "package_name" : "ceph", "cpe" : "cpe:/a:redhat:ceph_storage:4" }, { "product_name" : "Red Hat Ceph Storage 5", "fix_state" : "Out of support scope", "package_name" : "ceph", "cpe" : "cpe:/a:redhat:ceph_storage:5" }, { "product_name" : "Red Hat Ceph Storage 6", "fix_state" : "Not affected", "package_name" : "ceph", "cpe" : "cpe:/a:redhat:ceph_storage:6" }, { "product_name" : "Red Hat Ceph Storage 7", "fix_state" : "Not affected", "package_name" : "ceph", "cpe" : "cpe:/a:redhat:ceph_storage:7" }, { "product_name" : "Red Hat Certification for Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "redhat-certification", "cpe" : "cpe:/a:redhat:certifications:1::el7" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "ceph", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "389-ds:1.4/389-ds-base", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "cockpit", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "cockpit-appstream", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "cockpit-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:rhel8/cockpit-podman", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "dotnet5.0-build-reference-packages", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "dotnet9.0", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "ceph", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "cockpit-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "dotnet9.0", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Out of support scope", "package_name" : "bootstrap", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat JBoss Data Grid 7", "fix_state" : "Out of support scope", "package_name" : "bootstrap", "cpe" : "cpe:/a:redhat:jboss_data_grid:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Not affected", "package_name" : "bootstrap", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Not affected", "package_name" : "bootstrap", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Not affected", "package_name" : "bootstrap", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Affected", "package_name" : "qpid-dispatch", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Out of support scope", "package_name" : "bootstrap", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Not affected", "package_name" : "quay/quay-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "nodejs-patternfly-react-catalog-view-extension", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Out of support scope", "package_name" : "bootstrap", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-6485\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-6485\nhttps://www.herodevs.com/vulnerability-directory/cve-2024-6485" ], "name" : "CVE-2024-6485", "csaw" : false }