CVE-2024-6531.yml
---
gem: bootstrap
cve: 2024-6531
ghsa: vc8w-jr9v-vj7f
url: https://github.com/advisories/GHSA-vc8w-jr9v-vj7f
title: Bootstrap Cross-Site Scripting (XSS) vulnerability
date: 2024-07-11
description: |
  A vulnerability has been identified in Bootstrap that exposes users
  to Cross-Site Scripting (XSS) attacks. The issue is present in the
  carousel component, where the data-slide and data-slide-to attributes
  can be exploited through the href attribute of an <a> tag due to
  inadequate sanitization. This vulnerability could potentially enable
  attackers to execute arbitrary JavaScript within the victim's browser.
cvss_v3: 6.4
unaffected_versions:
  - "< 4.0.0"
patched_versions:
  - "> 4.6.2"
related:
  url:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-6531
    - https://www.herodevs.com/vulnerability-directory/cve-2024-6531
    - https://github.com/advisories/GHSA-vc8w-jr9v-vj7f