Lucene search

Veracode Vulnerability DatabaseVERACODE:44189

HistoryNov 08, 2023 - 7:11 a.m.

Cross-Site Scripting(XSS)

2023-11-0807:11:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

bootbox

vulnerability

input sanitization

user input

javascript code

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.3%

JSON

bootbox is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to lack of sanitization of user input in dialog boxes. This allows an attacker to inject arbitrary Javascript code.

CPENameOperatorVersion
bootboxle6.0.0
bootboxle6.0.0

CPE	Name	Operator	Version
	bootbox	le	6.0.0
	bootbox	le	6.0.0

References

github.com/bootboxjs/bootbox/issues/661

github.com/soy-oreocato/CVE-2023-46998/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.3%

JSON

Related for VERACODE:44189