Disclosed on July 11, 2024 (updated November 04, 2025)
PGV-245118T is a category 2 vulnerability that affects bootstrap, versions ≥ 1.4.0 and ≤ 3.4.1.
The risk assessment shows that this vulnerability is exploited by a compromised user: a legitimate user who unknowingly triggers exploitation of this vulnerability through normal interaction.
The impact is contained to the application. Exploitation remains confined to the application and cannot affect the host environment or external systems.
The threat damage is caused by a denial of service (limited). Exploitation can degrade or intermittently disrupt application availability without causing a full outage. The threat damage is caused by a data breach. Exploitation can result in full access to data within the system. The threat damage is caused by data tampering (limited). Exploitation does not allow modification of data beyond what the user is already authorized to modify.
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.
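An added example (not part of the advisory and not Bootstrap's own code): a Node.js audit that flags data-loading-text values that still contain markup once the attribute has been decoded, with a helper that double-escapes untrusted text. It assumes the button plugin writes the attribute value into the button as HTML; the function names and the sample markup are constructed for illustration.

```javascript
// Added example, not Bootstrap code. Assumption: the button plugin writes the
// data-loading-text value into the button as HTML, so a value is risky when it
// still contains "<" after the browser has decoded the attribute.
const NAMED = new Map([['lt', '<'], ['gt', '>'], ['amp', '&'], ['quot', '"'], ['apos', "'"]]);

// Minimal decoder for the character references that matter for markup injection.
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);?/gi, (m, ref) => {
    if (ref[0] !== '#') return NAMED.get(ref.toLowerCase()) ?? m;
    const code = /^#x/i.test(ref) ? parseInt(ref.slice(2), 16) : parseInt(ref.slice(1), 10);
    return code <= 0x10ffff ? String.fromCodePoint(code) : m;
  });
}

const ATTR = /\bdata-loading-text\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

// Return one finding per data-loading-text attribute in a template or response body.
function auditLoadingText(html) {
  return [...html.matchAll(ATTR)].map((m) => {
    const raw = m[1] ?? m[2] ?? m[3];
    const decoded = decodeEntities(raw);
    return { raw, decoded, parsedAsMarkup: decoded.includes('<') };
  });
}

// Escape text for one round of HTML parsing.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// The value is decoded twice (attribute parsing, then the HTML write), so
// untrusted text needs two rounds of escaping to remain text.
function loadingTextAttr(text) {
  return escapeHtml(escapeHtml(text));
}

// Constructed sample markup: plain text, entity-encoded markup, double-escaped text.
const SAMPLE = [
  '<button data-loading-text="Saving...">Save</button>',
  '<button data-loading-text="&lt;img src=x onerror=placeholder()&gt;">Save</button>',
  `<button data-loading-text="${loadingTextAttr('<img src=x onerror=placeholder()>')}">Save</button>`,
].join('\n');

console.log(auditLoadingText(SAMPLE));
```

The second sample shows that escaping the value once for the attribute context does not help, because the browser decodes the attribute before the plugin reads it.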
| Network Exposure | External: accessible from the public internet |
| Access Interface | WebBrowser: primarily web-based applications |
| Service Outage | Disruptive: operations would be impacted |
| Data Breach | Disruptive: operations would be impacted |
| Data Tampering | Disruptive: operations would be impacted |