CVE-2024-6484
XSS in Bootstrap carousel componentA vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
We have discovered 882,349 live websites that are affected by CVE-2024-6484.
Affected Software
| Product |  Bootstrap |
| Category | UI Frameworks |
| Vulnerable Domains | 882,349 live websites (40.36% of Bootstrap install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 52 versions ( 10.36% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jul 11, 2024
- Updated - Jan 23, 2025
Credits
- K (finder)
CWE
CVE References
CWE References
CVE-2024-6484 usage by Country
 United States | 381,664 websites |
 Germany | 63,288 websites |
 France | 46,648 websites |
 Cyprus | 41,408 websites |
 Netherlands | 33,143 websites |
 GB | 24,880 websites |
 Japan | 21,738 websites |
 Russia | 21,487 websites |
 Poland | 18,114 websites |
 Brazil | 17,533 websites |
CVE-2024-6484 usage by TLD
| .com | 403,468 websites |
| .org | 41,424 websites |
| .de | 29,744 websites |
| .net | 28,276 websites |
| .co.uk | 21,876 websites |
| .nl | 20,972 websites |
| .com.br | 20,046 websites |
| .ru | 18,987 websites |
| .fr | 17,566 websites |
| .pl | 15,728 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-6484
Top websites that are affected by CVE-2024-6484. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | *** | |
| ******.com | United States | *** | |
| **.com |  Singapore | *** | |
| *********.com | United States | *** | |
| *******.org | United States | *,*** | |
| ********.com | United States | *,*** | |
| *****.******.com | United States | *,*** | |
| ***.org | France | *,*** | |
| ****.org | United States | *,*** | |
| ************.com | United States | *,*** |
FAQ
CVE-2024-6484 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Bootstrap
A total of 882,349 websites have been identified as vulnerable to CVE-2024-6484, discovered through global website indexing conducted by WebTechSurvey.
Bootstrap is susceptible to CVE-2024-6484 vulnerability.
Bootstrap versions before, and including, 3.4.1 are vulnerable to CVE-2024-6484.