GHSA-vc8w-jr9v-vj7f
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vc8w-jr9v-vj7f
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-vc8w-jr9v-vj7f/GHSA-vc8w-jr9v-vj7f.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vc8w-jr9v-vj7f
- Aliases
-
- CVE-2024-6531
- Published
- 2024-07-11T18:31:14Z
- Modified
- 2024-09-06T19:20:39.088066Z
- Severity
-
- 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L CVSS Calculator
- Summary
- Bootstrap Cross-Site Scripting (XSS) vulnerability
- Details
-
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
- References
Affected packages
npm / bootstrap
Package
- Name
- bootstrap
- View open source insights on deps.dev
- Purl
- pkg:npm/bootstrap
RubyGems / bootstrap
Package
- Name
- bootstrap
- Purl
- pkg:gem/bootstrap
NuGet / bootstrap
Package
- Name
- bootstrap
- View open source insights on deps.dev
- Purl
- pkg:nuget/bootstrap
NuGet / bootstrap.sass
Package
- Name
- bootstrap.sass
- View open source insights on deps.dev
- Purl
- pkg:nuget/bootstrap.sass
Packagist / twbs/bootstrap
Package
- Name
- twbs/bootstrap
- Purl
- pkg:composer/twbs/bootstrap
Maven / org.webjars:bootstrap
Package
- Name
- org.webjars:bootstrap
- View open source insights on deps.dev
- Purl
- pkg:maven/org.webjars/bootstrap
Maven / org.webjars.npm:bootstrap
Package
- Name
- org.webjars.npm:bootstrap
- View open source insights on deps.dev
- Purl
- pkg:maven/org.webjars.npm/bootstrap