Cross-Site Scripting (XSS) vulnerability - CVE-2024-6484 #40692
Comments
Thanks for reporting an issue @mohan26
@julien-deramond As I mentioned in the description, I am already using the upgraded version, 5.3.3. Please recheck this.
Hello @julien-deramond, any update regarding this? Best regards,
Our security team is evaluating the impact on v5 based on the recent CVEs.
Prerequisites
Describe the issue
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the `href` attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could enable attackers to execute arbitrary JavaScript within the victim's browser.
Found a medium-level vulnerability issue in the Fortify scan for all versions below 5.3.3
References
GHSA-9mvj-f7w8-pvh2
Reduced test cases
vulnerability issue
What operating system(s) are you seeing the problem on?
Windows
What browser(s) are you seeing the problem on?
Chrome
What version of Bootstrap are you using?
5.3.3
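
As an added example (not part of the original issue and not Bootstrap's code), the following Node.js audit flags `<a>` elements carrying the `data-slide` or `data-slide-to` attributes named in the report whose `href` is not a plain same-page fragment. It assumes legitimate carousel controls target an element id such as `#gallery`; the function names and the sample markup are constructed for illustration.

```javascript
// Attributes named in the report. Everything else here is illustrative.
const CAROUSEL_ATTRS = ['data-slide', 'data-slide-to'];

// <a ...> start tags, tolerating '>' inside quoted attribute values.
const A_TAG = /<a\b((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
// Attribute forms: name, name=value, name="value", name='value'.
const ATTR = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

function parseAttributes(raw) {
  const attrs = new Map();
  for (const m of raw.matchAll(ATTR)) {
    const name = m[1].toLowerCase();
    // HTML parsers keep the first occurrence of a duplicated attribute.
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? '');
  }
  return attrs;
}

// Returns one finding per carousel control whose href is not "#element-id".
function auditCarouselControls(html) {
  const findings = [];
  for (const tag of html.matchAll(A_TAG)) {
    const attrs = parseAttributes(tag[1]);
    const trigger = CAROUSEL_ATTRS.find((a) => attrs.has(a));
    if (!trigger || !attrs.has('href')) continue;
    const href = attrs.get('href').trim();
    // Allowlist check: anything that is not a simple fragment is reported,
    // so no list of "bad" URL schemes has to be maintained.
    if (!/^#[A-Za-z][\w:.-]*$/.test(href)) {
      findings.push({ trigger, href, offset: tag.index });
    }
  }
  return findings;
}

// Constructed sample: one expected control, two controls with non-fragment
// hrefs (a templated value and an absolute URL), and one unrelated link.
const SAMPLE = `
<a class="carousel-control-prev" href="#gallery" data-slide="prev">Prev</a>
<a href="{{ profile.link }}" data-slide="next">Next</a>
<li><a href='https://example.test/p?a=1>2' data-slide-to="1">2</a></li>
<a href="https://example.test/docs">Docs</a>
`;

for (const f of auditCarouselControls(SAMPLE)) {
  console.log(`offset ${f.offset}: ${f.trigger} with href=${JSON.stringify(f.href)}`);
}
```

The scan is regex-based and meant for templates and static markup in a repository; it does not see attributes set at runtime by script.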