[GHSA-vc8w-jr9v-vj7f] Bootstrap Cross-Site Scripting (XSS) vulnerability #4767

@@ -1,21 +1,17 @@
{
"schema_version": "1.4.0",
"id": "GHSA-vc8w-jr9v-vj7f",
"modified": "2024-08-16T18:15:21Z",
"modified": "2024-08-16T18:15:22Z",
"published": "2024-07-11T18:31:14Z",
"aliases": [
"CVE-2024-6531"
],
"summary": "Bootstrap Cross-Site Scripting (XSS) vulnerability",
"details": "A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.",
"details": "A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.\n\nWhile no patch exists in Bootstrap v4 users of v4 may use [Bootstrap NES](https://www.herodevs.com/support/nes-bootstrap) (paid) for extended security support. Users of bootstrap are encouraged to migrate to Bootstrap v5. ",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L"
}
],
"affected": [
Expand All @@ -32,11 +28,14 @@
"introduced": "4.0.0"
},
{
"last_affected": "4.6.2"
"fixed": ">=5"
}
]
}
]
],
"database_specific": {
"last_known_affected_version_range": "<= 4.6.2"
}
},
{
"package": {
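Review bot: `"fixed": ">=5"` is not a valid event value; in the OSV schema a `fixed` event holds a single version string (for a SEMVER or ECOSYSTEM range, `"5.0.0"`), not a range expression, and tooling that parses the events will either reject `>=5` or compare it as an opaque string, so suggest replacing `"fixed": ">=5"` with `"fixed": "5.0.0"`. Also, `database_specific.last_known_affected_version_range` is the mechanism this database uses when a range has no `fixed` event; keeping both a `fixed` event and `"last_known_affected_version_range": "<= 4.6.2"` in the same entry is redundant at best and contradictory if a consumer treats the latter as the authoritative bound, so pick one.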
Expand All @@ -51,11 +50,14 @@
"introduced": "4.0.0"
},
{
"last_affected": "4.6.2"
"fixed": ">=5"
}
]
}
]
],
"database_specific": {
"last_known_affected_version_range": "<= 4.6.2"
}
},
{
"package": {
Expand All @@ -70,11 +72,14 @@
"introduced": "4.0.0"
},
{
"last_affected": "4.6.2"
"fixed": ">=5"
}
]
}
]
],
"database_specific": {
"last_known_affected_version_range": "<= 4.6.2"
}
},
{
"package": {
Expand All @@ -89,11 +94,14 @@
"introduced": "4.0.0"
},
{
"last_affected": "4.6.2"
"fixed": ">=5"
}
]
}
]
],
"database_specific": {
"last_known_affected_version_range": "<= 4.6.2"
}
},
{
"package": {
Expand All @@ -108,11 +116,14 @@
"introduced": "4.0.0"
},
{
"last_affected": "4.6.2"
"fixed": ">=5"
}
]
}
]
],
"database_specific": {
"last_known_affected_version_range": "<= 4.6.2"
}
},
{
"package": {
Expand All @@ -127,11 +138,14 @@
"introduced": "4.0.0"
},
{
"last_affected": "4.6.2"
"fixed": ">=5"
}
]
}
]
],
"database_specific": {
"last_known_affected_version_range": "<= 4.6.2"
}
},
{
"package": {
Expand All @@ -146,11 +160,14 @@
"introduced": "4.0.0"
},
{
"last_affected": "4.6.2"
"fixed": ">=5"
}
]
}
]
],
"database_specific": {
"last_known_affected_version_range": "<= 4.6.2"
}
}
],
"references": [
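Review bot: this last package entry repeats the same `"fixed": ">=5"` plus `"last_known_affected_version_range": "<= 4.6.2"` pair as every other affected entry in the file; whatever fix is chosen for the range event (a concrete version such as `"5.0.0"`, or dropping `fixed` and relying on `last_known_affected_version_range` alone) needs to be applied to all seven entries consistently, since a mix would make the advisory report different affected ranges per ecosystem for the same CVE.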