Cross-Site Scripting in bootbox

2019-05-30T17:23:28
ID GHSA-87MG-H5R3-HW88
Type github
Reporter GitHub Advisory Database
Modified 2020-08-31T18:39:15

Description

All versions of bootbox are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript.

Recommendation

Sanitize user input being passed to bootbox or consider using an alternative package.
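
One way to apply this recommendation, as an added example that is not code from bootbox or from the advisory: escape untrusted text before it is placed in the options handed to a dialog call. The helper names `escapeHtml` and `safeDialogOptions` and the sample input are hypothetical.

```javascript
// Added example: HTML-escape untrusted text before it reaches a bootbox dialog.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;'
};

// Turn any value into text that is inert when inserted as HTML.
// The single-pass replace avoids double-escaping the '&' it produces.
function escapeHtml(value) {
  return String(value == null ? '' : value)
    .replace(/[&<>"'`]/g, ch => HTML_ESCAPES[ch]);
}

// Hypothetical helper: returns a copy of a dialog options object with the
// strings shown in the dialog (message, title, button labels) escaped.
// Callbacks, class names and other fields are passed through unchanged.
function safeDialogOptions(options) {
  const safe = Object.assign({}, options);
  if (safe.message != null) safe.message = escapeHtml(safe.message);
  if (safe.title != null) safe.title = escapeHtml(safe.title);
  if (options.buttons) {
    safe.buttons = {};
    for (const [name, button] of Object.entries(options.buttons)) {
      safe.buttons[name] = button.label == null
        ? button
        : Object.assign({}, button, { label: escapeHtml(button.label) });
    }
  }
  return safe;
}

// Constructed sample input standing in for a user-controlled value.
const untrustedName = '<img src=x onerror="alert(1)">';

const dialogOptions = safeDialogOptions({
  title: 'Delete ' + untrustedName + '?',
  message: 'This will remove the record for ' + untrustedName + '.',
  buttons: { confirm: { label: 'Delete', className: 'btn-danger' } },
  callback: function (result) { /* act on the user's choice */ }
});

// In a page where bootbox is loaded, the escaped options go to the dialog.
if (typeof bootbox !== 'undefined') {
  bootbox.confirm(dialogOptions);
}
```

Escaping suits values that are meant to be shown as plain text; if a dialog must display user-supplied markup, an allow-list HTML sanitizer is needed instead.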