Bootstrap: Button Plugin Vulnerable to XSS via data-loading-text Attribute
by the Hossted team
16.07.2024

A medium-severity vulnerability, CVE-2024-6485, affects Bootstrap versions 2.0.0 through 3.4.1. The issue lies in the button plugin's handling of the data-loading-text attribute: an attacker who can control that attribute's value can place JavaScript in it, and the plugin renders the value as markup when the button enters its loading state, so the script runs in the page and enables Cross-Site Scripting (XSS). To address this issue, users should upgrade to version 4.0.0 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6485.
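Two checks that follow from the advisory, written here as an added example rather than code from Bootstrap or Hossted: whether a bundled Bootstrap version falls in the affected range, and whether any template carries a data-loading-text value that would be parsed as markup. The function names and the sample template are constructed for this illustration.

```javascript
// Constructed helpers (not Bootstrap's code) for the CVE-2024-6485 pattern:
// Bootstrap 3's button plugin writes the data-loading-text attribute into the
// button as markup on entering the loading state, so markup in it is rendered.

// Affected range from the advisory: 2.0.0 up to and including 3.4.1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}
function isAffectedBootstrapVersion(v) {
  return compareVersions(v, '2.0.0') >= 0 && compareVersions(v, '3.4.1') <= 0;
}

// Undo the entity decoding the HTML parser applies to attribute values, so
// "&lt;b&gt;" in template source is recognised as the "<b>" the DOM will hold.
function decodeEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(Number(d)))
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&quot;/g, '"').replace(/&amp;/g, '&');
}

// Escape a value so it is inserted as visible text, never parsed as markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Scan template markup for data-loading-text attributes. A value is risky if its
// DOM-decoded text contains a tag delimiter, since .html()/innerHTML would parse
// it; the escaped form is what a text-only insertion should use instead.
function auditLoadingText(html) {
  const attr = /data-loading-text\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  const findings = [];
  let m;
  while ((m = attr.exec(html)) !== null) {
    const value = decodeEntities(m[1] !== undefined ? m[1] : m[2]);
    findings.push({ value, risky: /[<>]/.test(value), safe: escapeHtml(value) });
  }
  return findings;
}

// Constructed sample template: one benign value and one carrying markup.
const SAMPLE_TEMPLATE = `
<button data-loading-text="Loading...">Save</button>
<button data-loading-text="&lt;b&gt;Loading&lt;/b&gt;">Submit</button>`;
```

Until the upgrade to 4.0.0 or later is done, the practical mitigation the advisory implies is to never populate data-loading-text from untrusted input; the audit above flags values that would be interpreted as markup so they can be reviewed.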