HeroDevsVULNRICHMENT:CVE-2024-6531CVE-2024-6531 XSS in Bootstrap carousel component
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
AI Score
Confidence
High
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim’s browser.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:getbootstrap:bootstrap:4.0.0:-:*:*:*:*:*:*"
],
"vendor": "getbootstrap",
"product": "bootstrap",
"versions": [
{
"status": "affected",
"version": "4.0.0",
"versionType": "custom",
"lessThanOrEqual": "4.6.2"
}
],
"defaultStatus": "unaffected"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
AI Score
Confidence
High
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial