CVE-2024-6484

Published Jul 11, 2024

Last updated 9 months ago

Bootstrap

Overview

Description
Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.
Source
36c7be3b-2937-45df-85ea-ca7133ea542c
NVD status
Rejected

Social media

Hype score
Not currently trending

  1. The https://t.co/touQIId6Ox page for CVE-2024-6484 - https://t.co/gaoHTPjB6f - References Bootstrap 3.4.1, thereby making it potentially vulnerable to CVE-2024-6484. Just found that funny :p https://t.co/CeusNuifs2

    @Reelix

    38 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2018-20676 CVE-2019-8331 CVE-2024-6484 CVE-2016-10735 CVE-2018-14042 CVE-2018-14040 si esas CVEs es de cierto foro que desapareció y cambio de dominio.

    @V3LM3NN1

    13 May 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0.CVE-2025-1647
  2. A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.CVE-2024-6531
  3. A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.CVE-2024-6485
  4. Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php.CVE-2022-26624
  5. Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected templates with custom code must manually apply the security fix. Update to version 7.1.2, 8.0.8, 9.1.4, 10.0.10 or 11.0.3 of the Bootstrap Package that fix the problem described. Updated version are available from the TYPO3 extension manager, Packagist and at https://extensions.typo3.org/extension/download/bootstrap_package/.CVE-2021-21365

References

Sources include official advisories and independent security research.