CVE-2023-46998

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in npm/bootbox

Identifiers

CVE-2023-46998

Package Slug

npm/bootbox

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.

Affected Versions

All versions starting from 3.2 up to 6.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-11-16

source