CVE-2024-6484: Bootstrap Cross-Site Scripting (XSS) vulnerability
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
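The following audit script is an added example, not code from the advisory or the Bootstrap project. It scans HTML for <a> tags that carry data-slide or data-slide-to and reports those whose href is not a plain #id fragment. The plain-fragment rule, the function and class names, and the sample markup are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption for this audit: a carousel control's href should be a plain
# fragment such as "#myCarousel"; anything else is reported for review.
SAFE_FRAGMENT = re.compile(r"#[A-Za-z][\w\-:.]*\Z")
CAROUSEL_ATTRS = ("data-slide", "data-slide-to")


class CarouselAnchorAudit(HTMLParser):
    """Records <a> tags that pair a carousel data attribute with a non-fragment href."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attr_map = {}
        for name, value in attrs:  # attribute names arrive lowercased
            attr_map.setdefault(name, value)  # browsers keep the first duplicate
        used = [name for name in CAROUSEL_ATTRS if name in attr_map]
        href = attr_map.get("href")
        if not used or href is None:
            return
        if not SAFE_FRAGMENT.match(href.strip()):
            line, _col = self.getpos()
            self.findings.append({"line": line, "attrs": used, "href": href})


def audit_html(text):
    """Return one finding per suspicious carousel anchor in the given HTML text."""
    parser = CarouselAnchorAudit()
    parser.feed(text)
    parser.close()
    return parser.findings


# Constructed sample markup (hypothetical template, not taken from the advisory).
SAMPLE_HTML = """\
<div id="heroCarousel" class="carousel slide">
  <a class="left carousel-control" href="#heroCarousel" data-slide="prev">Prev</a>
  <a class="right carousel-control" href="javascript:void(0)" data-slide="next">Next</a>
  <a href="{{ user_supplied_link }}" data-slide-to="2">Jump</a>
  <a href="/pricing">Pricing</a>
</div>
"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_HTML):
        print(finding)
```

A finding is a prompt for review rather than proof of exploitability; templated href values deserve the closest look because their final content depends on data outside the markup.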
References
- github.com/advisories/GHSA-9mvj-f7w8-pvh2
- github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2024-6484.yml
- github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6484.yml
- github.com/twbs/bootstrap
- nvd.nist.gov/vuln/detail/CVE-2024-6484
- www.herodevs.com/vulnerability-directory/cve-2024-6484