CVE-2024-6484

Bootstrap Cross-Site Scripting (XSS) vulnerability

Description

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the `href` attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
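
An added example, not part of the advisory or of Bootstrap's code: a template audit that lists `<a>` tags carrying `data-slide` or `data-slide-to` whose `href` is anything other than a bare same-page fragment. The `#id` allow-pattern, the name `audit_carousel_links` and the sample markup are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: a legitimate carousel control points at its carousel with a bare
# same-page fragment such as "#heroCarousel". Any other href is reported.
SAFE_HREF = re.compile(r"#[A-Za-z][\w\-]*")
CAROUSEL_ATTRS = ("data-slide", "data-slide-to")


class CarouselAudit(HTMLParser):
    """Collects <a> tags that combine a carousel attribute with a non-fragment href."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line, carousel attribute, href)

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attr = dict(attrs)  # names arrive lower-cased, values entity-decoded
        used = [name for name in CAROUSEL_ATTRS if name in attr]
        href = attr.get("href")
        if not used or href is None:
            return  # not a carousel control, or no href to inspect
        if not SAFE_HREF.fullmatch(href.strip()):
            line, _col = self.getpos()
            self.findings.append((line, used[0], href))


def audit_carousel_links(markup):
    """Return the findings for one HTML document or template fragment."""
    parser = CarouselAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings


# Constructed sample markup (not taken from the advisory).
SAMPLE = """<div id="heroCarousel" class="carousel slide">
<a class="left" href="#heroCarousel" data-slide="prev">Prev</a>
<a class="right" href="https://example.test/next" data-slide="next">Next</a>
<a href="#heroCarousel .item" data-slide-to="2">3</a>
<a href="/about">About</a>
</div>"""

if __name__ == "__main__":
    for line, attr, href in audit_carousel_links(SAMPLE):
        print(f"line {line}: <a {attr}> has non-fragment href {href!r}")
```

A finding is a prompt to review where that `href` value comes from, not proof of exploitability.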

Vulnerability Details

Score: 6.3
Score Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
Affected Versions: bootstrap >= 2.0.0; bootstrap-sass >= 2.0.0; bootstrap.sass >= 2.0.0; twbs/bootstrap >= 2.0.0; org.webjars:bootstrap >= 2.0.0; org.webjars.npm:bootstrap >= 2.0.0
Severity: Medium
Ecosystem: RubyGems
Publish Date: July 11, 2024
Modified Date: August 1, 2025