First published: Tue Nov 14 2023
A cross-site scripting (XSS) vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to the alert(), confirm(), and prompt() functions.
Affected Software | Affected Version | How to fix |
---|---|---|
npm/bootbox | >=3.2.0 <=6.0.0 | |
The vulnerability ID for this vulnerability is GHSA-m4ch-4m5f-2gp6.
The severity of this vulnerability is medium.
The software affected by this vulnerability is BootBox Bootbox.js v.3.2 through 6.0.
An attacker can exploit this vulnerability by passing a crafted payload to the alert(), confirm(), and prompt() functions, which results in arbitrary code execution.
Yes, a fix is available for this vulnerability. It is recommended to update to a version higher than 6.0.0 of Bootbox.js.
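To check whether a project falls inside the affected range listed for npm/bootbox, the following added example (not part of the original advisory or of Bootbox itself) scans the `packages` map of an npm lockfile and compares every bootbox copy against >=3.2.0 <=6.0.0. The lockfile contents and all package names other than bootbox are constructed sample data.

```javascript
// Added example: flag bootbox installs inside the advisory's range (>=3.2.0 <=6.0.0).

// Parse "major.minor[.patch]"; pre-release/build suffixes are ignored, so a
// pre-release of a boundary version is treated like the release (conservative).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(v).trim());
  if (!m) return null; // not a plain version (git URL, tag, ...)
  return [Number(m[1]), Number(m[2]), Number(m[3] || 0)];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

const AFFECTED_MIN = [3, 2, 0]; // from the advisory table
const AFFECTED_MAX = [6, 0, 0]; // from the advisory table

// true = affected, false = outside the range, null = needs manual review.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  return compareVersions(v, AFFECTED_MIN) >= 0 && compareVersions(v, AFFECTED_MAX) <= 0;
}

// Walk the "packages" map of an npm lockfile (lockfileVersion 2 or 3) and
// report every bootbox copy, including ones nested under other dependencies.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/bootbox$/.test(path)) continue;
    findings.push({ path, version: entry.version, affected: isAffected(entry.version) });
  }
  return findings;
}

// Constructed sample lockfile fragment (hypothetical project and dependencies).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/bootbox": { version: "5.5.3" },
    "node_modules/legacy-ui/node_modules/bootbox": { version: "3.1.0" },
    "node_modules/admin-panel/node_modules/bootbox": { version: "6.0.0" },
    "node_modules/bootbox-extras": { version: "4.0.0" }
  }
};
console.table(auditLockfile(sampleLock));
```

Replacing `sampleLock` with the parsed contents of a real `package-lock.json` runs the same check against an actual project; nested copies are reported separately because upgrading the top-level dependency does not update them.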