VulnerableCode Package Details - pkg:gem/bootstrap@5.0.0.beta2

Search for packages

Vulnerability	Summary	Fixed by
VCID-d4k9-se4n-4fh9 Aliases: CVE-2024-6484 GHSA-9mvj-f7w8-pvh2	Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	There are no reported fixed by versions.
VCID-qceg-ajt8-jfct Aliases: CVE-2024-6531 GHSA-vc8w-jr9v-vj7f	Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	5.0.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-d4k9-se4n-4fh9
Aliases:
CVE-2024-6484
GHSA-9mvj-f7w8-pvh2

Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

There are no reported fixed by versions.

VCID-qceg-ajt8-jfct
Aliases:
CVE-2024-6531
GHSA-vc8w-jr9v-vj7f

Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

5.0.0
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T19:09:19.515568+00:00	GitLab Importer	Affected by	VCID-qceg-ajt8-jfct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bootstrap/CVE-2024-6531.yml	37.0.0
2025-07-03T14:33:13.600600+00:00	Ruby Importer	Affected by	VCID-d4k9-se4n-4fh9	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6484.yml	37.0.0
2025-07-03T14:33:13.433925+00:00	Ruby Importer	Affected by	VCID-qceg-ajt8-jfct	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6531.yml	37.0.0