This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.
Advisories
Source      | ID                  | Title
Debian DLA  | DLA-4124-1          | twitter-bootstrap3 security update
EUVD        | EUVD-2024-2311      | Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
Github GHSA | GHSA-9mvj-f7w8-pvh2 | Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
Ubuntu USN  | USN-7556-1          | Bootstrap vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References

No reference.

History

Fri, 01 Aug 2025 18:15:00 +0000

Type Values Removed Values Added
Title XSS in Bootstrap carousel component
CPEs cpe:2.3:a:bootstrap:carousel:*:*:*:*:*:*:*:*
Vendors & Products Bootstrap
Bootstrap carousel
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 01 Aug 2025 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
CPEs cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*
Vendors & Products Getbootstrap
Getbootstrap bootstrap
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L'}


Fri, 01 Aug 2025 17:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.

Fri, 07 Feb 2025 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Getbootstrap
Getbootstrap bootstrap
CPEs cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*
Vendors & Products Getbootstrap
Getbootstrap bootstrap

Thu, 23 Jan 2025 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Bootstrap
Bootstrap carousel
CPEs cpe:2.3:a:bootstrap:carousel:*:*:*:*:*:*:*:*
Vendors & Products Bootstrap
Bootstrap carousel
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: REJECTED

Assigner: HeroDevs

Published:

Updated: 2025-08-01T17:09:30.604Z

Reserved: 2024-07-03T16:54:37.618Z

Link: CVE-2024-6484

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-07-11T17:15:17.007

Modified: 2025-08-01T17:15:27.833

Link: CVE-2024-6484

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.