Bootstrap: Carousel Component at Risk - Proactive Insights and Support For Open-Source Applications

In Bootstrap carousel component versions from 2.0.0 up to 3.4.1 a medium severity vulnerability CVE-2024-6484 was detected. This vulnerability can expose users to Cross-Site Scripting (XSS) attacks. The problem occurs because the data-slide and data-slide-to attributes are not properly sanitized, allowing attackers to insert malicious code through the href attribute of an tag. To address this issue users should upgrade to version 5.0.0-beta1 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6484 .