A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
References
Configurations
No configuration.
History
21 Nov 2024, 09:49
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://www.herodevs.com/vulnerability-directory/cve-2024-6484 - |
11 Jul 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-11 17:15
Updated : 2024-11-21 09:49
NVD link : CVE-2024-6484
Mitre link : CVE-2024-6484
CVE.ORG link : CVE-2024-6484
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')