Description

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

Remediation

References

CVE-2024-6484

Related Vulnerabilities

WordPress Plugin Article Directory Cross-Site Scripting (1.3)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43941)

WordPress Plugin Convert Plus Security Bypass (3.4.2)

Drupal Core 7.x Security Bypass (7.0 - 7.87)

Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-1433)

Severity

Medium

Classification

CVE-2024-6484 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities