CVE-2024-6531: Bootstrap Cross-Site Scripting (XSS) vulnerability

July 11, 2024 (updated April 14, 2025)

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim’s browser.

References

github.com/advisories/GHSA-vc8w-jr9v-vj7f
github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6531.yml
github.com/twbs/bootstrap
lists.debian.org/debian-lts-announce/2025/04/msg00021.html
nvd.nist.gov/vuln/detail/CVE-2024-6531
www.herodevs.com/vulnerability-directory/cve-2024-6531

Code Behaviors & Features

Detect and mitigate CVE-2024-6531 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →