Search for packages
| purl | pkg:maven/org.webjars.npm/bootstrap@3.4.1 |
| Next non-vulnerable version | 4.0.0-alpha.2 |
| Latest non-vulnerable version | 5.0.0 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-d4k9-se4n-4fh9
Aliases: CVE-2024-6484 GHSA-9mvj-f7w8-pvh2 |
Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T19:09:19.235339+00:00 | GitLab Importer | Affected by | VCID-d4k9-se4n-4fh9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars.npm/bootstrap/CVE-2024-6484.yml | 37.0.0 |
| 2025-07-03T13:57:01.810834+00:00 | GitLab Importer | Affected by | VCID-d4k9-se4n-4fh9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars.npm/bootstrap/CVE-2024-6484.yml | 36.1.3 |
| 2025-07-01T14:35:18.498439+00:00 | GHSA Importer | Affected by | VCID-d4k9-se4n-4fh9 | https://github.com/advisories/GHSA-9mvj-f7w8-pvh2 | 36.1.3 |