VulnerableCode Package Details - pkg:npm/bootstrap-sass@2.0.0

Search for packages

Package details: pkg:npm/bootstrap-sass@2.0.0

Essentials
History (2)

purl	pkg:npm/bootstrap-sass@2.0.0

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-d4k9-se4n-4fh9 Aliases: CVE-2024-6484 GHSA-9mvj-f7w8-pvh2	Bootstrap Cross-Site Scripting (XSS) vulnerability A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the `data-slide` and `data-slide-to` attributes can be exploited through the href attribute of an `<a>` tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T13:57:01.875438+00:00	GitLab Importer	Affected by	VCID-d4k9-se4n-4fh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/bootstrap-sass/CVE-2024-6484.yml	36.1.3
2025-07-01T14:35:18.645051+00:00	GHSA Importer	Affected by	VCID-d4k9-se4n-4fh9	https://github.com/advisories/GHSA-9mvj-f7w8-pvh2	36.1.3