CVE-2024-6531

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Jul 11, 2024
Updated: Jul 12, 2024
CWE ID 79

Summary

CVE-2024-6531 is a newly identified Cross-Site Scripting (XSS) vulnerability affecting the Bootstrap carousel component. The weakness lies in the inadequate sanitization of the data-slide and data-slide-to attributes in the <a> tag's href property. Malicious actors can exploit this vulnerability to inject and execute arbitrary JavaScript code within a user's browser, potentially gaining unauthorized access or stealing sensitive information. This issue poses a significant threat to websites using the Bootstrap carousel component and necessitates immediate mitigation efforts.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share