View all vulnerabilities

CVE-2024-6484

Bootstrap Cross-Site Scripting (XSS) vulnerability

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
6.3
Score Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
Affected Versions
bootstrap >= 2.0.0; bootstrap >= 2.0.0; bootstrap >= 2.0.0; bootstrap-sass >= 2.0.0; bootstrap.sass >= 2.0.0; twbs/bootstrap >= 2.0.0; org.webjars:bootstrap >= 2.0.0; org.webjars.npm:bootstrap >= 2.0.0; bootstrap-sass >= 2.0.0
Severity
Medium
Ecosystem
JavaScript
Publish Date
July 11, 2024
Modified Date
August 1, 2025