CVE-2024-6484Cross-site Scripting in Bootstrap

CWE-79Cross-site Scripting4 documents3 sources
Severity
6.4MEDIUMOSV
No vector
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Twbs BootstrapBootstrap-sass
Timeline
PublishedJun 5

Description

Title: Bootstrap vulnerabilities Summary: Several security issues were fixed in Bootstrap. It was discovered that Bootstrap did not correctly sanitize certain input in the carousel component. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. (CVE-2024-6484, CVE-2024-6531) It was discovered that Bootstrap did not correctly sanitize certain input in the button plugin. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack

Affected Packages3 packages

Packagisttwbs/bootstrap2.0.03.4.1
RubyGemsbootstrap-sass/bootstrap-sass2.0.03.4.1
npmbootstrap-sass/bootstrap-sass2.0.03.4.3

🔴Vulnerability Details

3
OSV
twitter-bootstrap3, twitter-bootstrap4 vulnerabilities2025-06-05
GHSA
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability2024-07-11
OSV
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability2024-07-11

📋Vendor Advisories

1
Ubuntu
Bootstrap vulnerabilities2025-06-05
CVE-2024-6484 — Cross-site Scripting in Twbs Bootstrap | cvebase