What is the severity of CVE-2024-6531?

CVE-2024-6531 is classified as a medium severity vulnerability due to the risk of Cross-Site Scripting (XSS) attacks.

How do I fix CVE-2024-6531?

To fix CVE-2024-6531, update Bootstrap to version 5.0.0 or later.

What components of Bootstrap are affected by CVE-2024-6531?

CVE-2024-6531 affects the carousel component in Bootstrap where the data-slide and data-slide-to attributes are vulnerable.

How can CVE-2024-6531 be exploited?

CVE-2024-6531 can be exploited through inadequate sanitization of the href attribute in <a> tags within the carousel component.

What versions of Bootstrap are vulnerable to CVE-2024-6531?

Bootstrap versions from 4.0.0 to 4.6.2 are vulnerable to CVE-2024-6531.

Vulnerability/
CVE-2024-6531

medium

6.4

CWE

EPSS

0.043%

11/7/2024

16/5/2025

CVE-2024-6531: XSS in Bootstrap carousel component

First published: Thu Jul 11 2024(Updated: )

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

Credit: 36c7be3b-2937-45df-85ea-ca7133ea542c 36c7be3b-2937-45df-85ea-ca7133ea542c

Affected Software	Affected Version	How to fix
maven/org.webjars.npm:bootstrap	>=4.0.0<=4.6.2	5.0.0
maven/org.webjars:bootstrap	>=4.0.0<=4.6.2	5.0.0
composer/twbs/bootstrap	>=4.0.0<=4.6.2	5.0.0
nuget/bootstrap.sass	>=4.0.0<=4.6.2	5.0.0
nuget/bootstrap	>=4.0.0<=4.6.2	5.0.0
rubygems/bootstrap	>=4.0.0<=4.6.2	5.0.0
npm/bootstrap	>=4.0.0<=4.6.2	5.0.0
Bootstrap	>=4.0.0<=4.6.2
Debian Linux	=11.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-6531?
CVE-2024-6531 is classified as a medium severity vulnerability due to the risk of Cross-Site Scripting (XSS) attacks.
How do I fix CVE-2024-6531?
To fix CVE-2024-6531, update Bootstrap to version 5.0.0 or later.
What components of Bootstrap are affected by CVE-2024-6531?
CVE-2024-6531 affects the carousel component in Bootstrap where the data-slide and data-slide-to attributes are vulnerable.
How can CVE-2024-6531 be exploited?
CVE-2024-6531 can be exploited through inadequate sanitization of the href attribute in <a> tags within the carousel component.
What versions of Bootstrap are vulnerable to CVE-2024-6531?
Bootstrap versions from 4.0.0 to 4.6.2 are vulnerable to CVE-2024-6531.

agent/weakness
agent/title
agent/first-publish-date
agent/description
agent/type
agent/author
agent/epss
collector/epss-latest
source/FIRST
agent/trending
agent/source
collector/mitre-cve
source/MITRE
collector/nvd-cve
source/NVD
agent/references
collector/github-advisory-latest
source/GitHub
alias/GHSA-vc8w-jr9v-vj7f
alias/CVE-2024-6531
agent/software-canonical-lookup
collector/github-advisory
collector/nvd-api
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
package-manager/maven
package-manager/composer
package-manager/nuget
package-manager/rubygems
package-manager/npm
vendor/getbootstrap
canonical/bootstrap
version/bootstrap/4.0.0
version/bootstrap/4.6.2
vendor/debian
canonical/debian linux
version/debian linux/11.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.