What is the severity of CVE-2024-6484?

CVE-2024-6484 is a Cross-Site Scripting (XSS) vulnerability categorized as high severity.

How do I fix CVE-2024-6484?

To fix CVE-2024-6484, update Bootstrap to a version newer than 3.4.1.

Which versions of Bootstrap are affected by CVE-2024-6484?

Bootstrap versions between 2.0.0 and 3.4.1 are affected by CVE-2024-6484.

What component of Bootstrap does CVE-2024-6484 affect?

CVE-2024-6484 affects the carousel component of Bootstrap.

What type of attack can be executed due to CVE-2024-6484?

CVE-2024-6484 can be exploited to execute Cross-Site Scripting (XSS) attacks.

Vulnerability/
CVE-2024-6484

medium

6.4

CWE

EPSS

0.043%

11/7/2024

7/2/2025

CVE-2024-6484: XSS in Bootstrap carousel component

First published: Thu Jul 11 2024(Updated: )

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

Credit: 36c7be3b-2937-45df-85ea-ca7133ea542c 36c7be3b-2937-45df-85ea-ca7133ea542c

Affected Software	Affected Version	How to fix
maven/org.webjars.npm:bootstrap	>=2.0.0<=3.4.1
maven/org.webjars:bootstrap	>=2.0.0<=3.4.1
composer/twbs/bootstrap	>=2.0.0<=3.4.1
nuget/bootstrap.sass	>=2.0.0<=3.4.1
rubygems/bootstrap-sass	>=2.0.0<=3.4.1
nuget/bootstrap	>=2.0.0<=3.4.1
rubygems/bootstrap	>=2.0.0<=3.4.1
npm/bootstrap	>=2.0.0<=3.4.1
npm/bootstrap-sass	>=2.0.0<=3.4.3
Twitter Bootstrap	>=3.2.0<=3.4.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-6484?
CVE-2024-6484 is a Cross-Site Scripting (XSS) vulnerability categorized as high severity.
How do I fix CVE-2024-6484?
To fix CVE-2024-6484, update Bootstrap to a version newer than 3.4.1.
Which versions of Bootstrap are affected by CVE-2024-6484?
Bootstrap versions between 2.0.0 and 3.4.1 are affected by CVE-2024-6484.
What component of Bootstrap does CVE-2024-6484 affect?
CVE-2024-6484 affects the carousel component of Bootstrap.
What type of attack can be executed due to CVE-2024-6484?
CVE-2024-6484 can be exploited to execute Cross-Site Scripting (XSS) attacks.

agent/title
agent/weakness
agent/type
agent/first-publish-date
agent/severity
agent/event
agent/author
agent/references
agent/epss
collector/github-advisory
source/GitHub
alias/GHSA-9mvj-f7w8-pvh2
alias/CVE-2024-6484
agent/software-canonical-lookup
collector/epss-latest
source/FIRST
agent/trending
agent/source
collector/mitre-cve
source/MITRE
collector/nvd-cve
source/NVD
agent/description
agent/last-modified-date
agent/softwarecombine
collector/github-advisory-latest
agent/tags
collector/nvd-api
package-manager/maven
package-manager/composer
package-manager/nuget
package-manager/rubygems
package-manager/npm
vendor/getbootstrap
canonical/twitter bootstrap
version/twitter bootstrap/3.2.0
version/twitter bootstrap/3.4.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.