CVE-2024-6484

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
Configurations

No configuration.

History

21 Nov 2024, 09:49

Type Values Removed Values Added
Summary
  • (es) Se ha identificado una vulnerabilidad en Bootstrap que expone a los usuarios a ataques de Cross-Site Scripting (XSS). El problema está presente en el componente carousel, donde los atributos data-slide y data-slide-to pueden explotarse a través del atributo href de una etiqueta <a rel="nofollow"> debido a una sanitización inadecuada. Esta vulnerabilidad podría permitir a los atacantes ejecutar JavaScript arbitrario dentro del navegador de la víctima.</a>
References () https://www.herodevs.com/vulnerability-directory/cve-2024-6484 - () https://www.herodevs.com/vulnerability-directory/cve-2024-6484 -

11 Jul 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-11 17:15

Updated : 2024-11-21 09:49


NVD link : CVE-2024-6484

Mitre link : CVE-2024-6484

CVE.ORG link : CVE-2024-6484


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')