11 matches found
@carlsonp/kort (>=0.9.1 <=1.0.1), @concretecms/bedrock (=0.9.3) +26 more potentially affected by CVE-2023-46998 via bootbox (>=4.4.0 <=6.0.0)
bootbox NPM version =4.4.0, =0.9.1, =1.0.9, =2.0.3, =0.2.2, =0.0.6, =1.0.0, =1.0.0, =0.0.2, =0.0.1, =0.0.3, =1.0.0, =1.1.1 - botkit-socket-client =0.0.1 and more Source cves: CVE-2023-46998 Source advisory: OSV:GHSA-M4CH-4M5F-2GP6...
GHSA-M4CH-4M5F-2GP6 Bootbox.js Cross Site Scripting vulnerability
Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert, confirm, prompt functions...
Cross-Site Scripting (XSS)
bootbox is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to lack of sanitization of user input in dialog boxes. This allows an attacker to inject arbitrary JavaScript code...
CVE-2023-46998
Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert, confirm, prompt functions...
CVE-2023-46998
CVE-2023-46998 describes a Cross Site Scripting vulnerability in Bootbox.js versions 3.2 through 6.0. The issue allows a remote attacker to execute arbitrary code by sending a crafted payload to alert(), confirm(), or prompt() functions. The connected documents confirm the affected product and vu...
CVE-2023-46998
Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert, confirm, prompt functions...
@carlsonp/kort (>=0.9.1 <=1.0.0), @goldenplanet/jquery (>=1.0.9 <=1.0.12) +19 more potentially affected by unknown CVE via bootbox (>=4.4.0 <=5.3.4)
bootbox NPM version =4.4.0, =0.9.1, =1.0.9, =2.0.3, =0.2.2, =0.0.6, =1.0.0, =0.0.2, =0.0.1, =0.0.3, =4.3.0, =1.0.1, =1.0.0, =3.3.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-87MG-H5R3-HW88...
Cross-Site Scripting in bootbox
All versions of bootbox are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript. Recommendation: Sanitize user input being passed to bootbox or consider using an alternativ...
GHSA-87MG-H5R3-HW88 Cross-Site Scripting in bootbox
All versions of bootbox are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript. Recommendation: Sanitize user input being passed to bootbox or consider using an alternativ...
Cross-Site Scripting
Overview: All versions of bootbox are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript. Recommendation: Sanitize user input being passed to bootbox or consider using an...
Node.js third-party modules: XSS in Bootbox
Hi. Sorry for taking the time with this report. This is an already publicly disclosed issue at https://github.com/makeusabrew/bootbox/issues/661 In essence all dialogs of bootbox are vulnerable to XSS injections bootbox.alert"\alert1;"; This is apparently a feature to allow injecting HTML in messages...