From: =?utf-8?q?Bastien_Roucari=C3=A8s?= <rouca@debian.org>
Date: Sun, 13 Apr 2025 12:33:22 +0200
Subject: CVE-2024-6531
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

An anchor element (<a>), when used for carousel navigation with a data-slide attribute,
can contain an href attribute value that is not subject to proper content sanitization.
Improper extraction of the intended target carousel’s #id from the href attribute
can lead to use cases where the click event’s preventDefault()
is not applied and the href is evaluated and executed.
As a result, restrictions are not applied to the data that is evaluated, which
can lead to potential XSS vulnerabilities.

return false in case of error that will avoid the XSS attack, and avoid further
treatment by the handler.

bug: https://www.herodevs.com/vulnerability-directory/cve-2024-6531
bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084059
bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2024-6531
---
 js/src/carousel.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/js/src/carousel.js b/js/src/carousel.js
index 18732d0..9447da6 100644
--- a/js/src/carousel.js
+++ b/js/src/carousel.js
@@ -543,13 +543,13 @@ class Carousel {
     const selector = Util.getSelectorFromElement(this)
 
     if (!selector) {
-      return
+      return false
     }
 
     const target = $(selector)[0]
 
     if (!target || !$(target).hasClass(CLASS_NAME_CAROUSEL)) {
-      return
+      return false
     }
 
     const config = {