CVE-2024-6531
XSS in Bootstrap carousel component
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
Se ha identificado una vulnerabilidad en Bootstrap que expone a los usuarios a ataques de Cross-Site Scripting (XSS). El problema está presente en el componente carousel, donde los atributos data-slide y data-slide-to pueden explotarse a través del atributo href de una etiqueta <a rel="nofollow"> debido a una sanitización inadecuada. Esta vulnerabilidad podría permitir a los atacantes ejecutar JavaScript arbitrario dentro del navegador de la víctima.</a>
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-07-05 CVE Reserved
- 2024-07-11 CVE Published
- 2024-07-12 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
- CAPEC-63: Cross-Site Scripting (XSS)
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bootstrap Search vendor "Bootstrap" | Bootstrap Search vendor "Bootstrap" for product "Bootstrap" | >= 4.0.0 <= 4.6.2 Search vendor "Bootstrap" for product "Bootstrap" and version " >= 4.0.0 <= 4.6.2" | en |
Affected
| ||||||