Bootstrap: Carousel Component Exposes Users to XSS Attacks
by the Hossted team
15.07.2024

CVE-2024-6531 is a medium-severity vulnerability in Bootstrap versions 4.0.0 through 4.6.2 that exposes users to Cross-Site Scripting (XSS). The flaw is in the carousel component: the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag, because that href value is not adequately sanitized before it is used. This allows an attacker to run arbitrary JavaScript in the victim's browser. The fix is in version 5.0.0-beta1 and later; there is no patched 4.x release, so remediation means upgrading to the 5.x line. Until then, make sure the href of every carousel control (any element carrying data-slide or data-slide-to) comes from your own templates and never from user-controlled data. For more details, see https://avd.aquasec.com/nvd/2024/cve-2024-6531.
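The following is an added example for this advisory, not code from Bootstrap or from the Hossted team. It shows three checks a practitioner would run: whether an installed Bootstrap version string falls in the affected 4.0.0 to 4.6.2 range, a scan of raw template HTML for carousel controls (data-slide / data-slide-to) whose href is anything other than a plain "#id" fragment, and a defensive guard that only lets such a fragment reach a selector sink. The function names, the regular expressions and the sample markup are all constructed here; they are not Bootstrap's own API or markup.

```javascript
// Added example for CVE-2024-6531 (not Bootstrap's code).
// Assumed inputs: a semver-like version string and a raw HTML string.

// --- 1. Version check: affected range per the advisory is 4.0.0 .. 4.6.2 ---
const AFFECTED_LOW = [4, 0, 0];
const AFFECTED_HIGH = [4, 6, 2];

// Parse "4.6.2", "v4.6.2" or "5.0.0-beta1" into [major, minor, patch].
// The pre-release tag is dropped because the advisory names 5.0.0-beta1
// as the first fixed build, so any 5.x.y string is outside the range.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// True when 4.0.0 <= version <= 4.6.2 (inclusive, as the advisory states).
function isAffectedVersion(v) {
  const p = parseVersion(v);
  return compareVersions(p, AFFECTED_LOW) >= 0 &&
         compareVersions(p, AFFECTED_HIGH) <= 0;
}

// --- 2. Guard: only a bare "#id" fragment may be used as a carousel target ---
// Anything else (a path, a javascript: URL, a complex selector, HTML) is
// rejected, so an attacker-influenced href is never passed on as-is.
const ID_FRAGMENT = /^#[A-Za-z][\w-]*$/;
function safeTargetSelector(href) {
  if (typeof href !== 'string') return null;
  const h = href.trim();
  return ID_FRAGMENT.test(h) ? h : null;
}

// --- 3. Template scan: flag <a> controls whose href fails the guard ---
// Regex-based on purpose so it runs on raw template files without a DOM.
function findSuspectCarouselLinks(html) {
  const tagRe = /<a\b[^>]*>/gi;
  const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  const suspects = [];
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = {};
    let a;
    attrRe.lastIndex = 0;
    while ((a = attrRe.exec(m[0])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? '';
    }
    const isControl = attrs['data-slide'] !== undefined ||
                      attrs['data-slide-to'] !== undefined;
    if (isControl && safeTargetSelector(attrs.href) === null) {
      suspects.push({ tag: m[0], href: attrs.href ?? null });
    }
  }
  return suspects;
}

// Constructed sample markup (not from any real site): four carousel
// controls, two of which carry an href that is not a plain "#id" fragment.
const SAMPLE_HTML = `
<a class="carousel-control-prev" href="#demoCarousel" data-slide="prev">Prev</a>
<a class="carousel-control-next" href="#demoCarousel" data-slide="next">Next</a>
<a data-slide-to="2" href="#demoCarousel">Go to slide 3</a>
<a data-slide="next" href="/not/a/fragment">Odd control</a>
<a data-slide-to="0" href="#demo Carousel">Odd control 2</a>
<a href="https://example.com">Unrelated link</a>
`;

// Stand-alone run: report the version verdict and any suspect controls.
for (const v of ['4.6.2', '5.0.0-beta1']) {
  console.log(`${v}: affected=${isAffectedVersion(v)}`);
}
for (const s of findSuspectCarouselLinks(SAMPLE_HTML)) {
  console.log(`suspect href ${JSON.stringify(s.href)} in ${s.tag}`);
}
```

The scanner is deliberately strict: a control whose href is a relative path or contains whitespace is reported even if it is harmless in your templates, because the point is to find every place where a non-fragment value could reach the carousel's href handling. The version check tells you whether the install is in the affected range; it does not replace the upgrade to 5.0.0-beta1 or later.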