ADVISORIES
GEM
SEVERITY
CVSS v3.x: 6.4 (Medium)
UNAFFECTED VERSIONS
- < 4.0.0
PATCHED VERSIONS
- > 4.6.2
DESCRIPTION
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.