npm

Severity: moderate

Cross-Site Scripting

bootbox

Overview

All versions of bootbox are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript.

Remediation

Sanitize user input being passed to bootbox or consider using an alternative package.
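One way to apply this remediation is shown below as an added example; it is not code from bootbox or from this advisory. The helpers `escapeHtml` and `safeDialogOptions` are hypothetical names, and the example assumes that `title`, `message` and button `label` are the option fields that reach the dialog as HTML.

```javascript
// Added example: encode untrusted text before it is handed to bootbox.
// escapeHtml and safeDialogOptions are hypothetical helpers, not bootbox APIs.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let plain text turn into markup or attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Return a copy of a bootbox options object with its string text fields
// (title, message, button labels) HTML-encoded. Non-string values, such as
// a DOM node passed as the message or a bare callback used as a button,
// are passed through unchanged and must be vetted by the caller.
function safeDialogOptions(options) {
  const safe = Object.assign({}, options);
  for (const key of ['title', 'message']) {
    if (typeof safe[key] === 'string') safe[key] = escapeHtml(safe[key]);
  }
  if (options.buttons && typeof options.buttons === 'object') {
    safe.buttons = {};
    for (const [name, button] of Object.entries(options.buttons)) {
      const hasLabel = button && typeof button === 'object' && typeof button.label === 'string';
      safe.buttons[name] = hasLabel
        ? Object.assign({}, button, { label: escapeHtml(button.label) })
        : button;
    }
  }
  return safe;
}

// Constructed sample input: a display name that arrived from an untrusted source.
const displayName = 'Alice <img src=x onerror=alert(1)>';

// Vulnerable pattern per the advisory: bootbox.alert('Hello, ' + displayName);
// Hardened call: every text field is encoded first, so the name renders as text.
if (typeof bootbox !== 'undefined') {
  bootbox.alert(safeDialogOptions({ title: 'Welcome', message: 'Hello, ' + displayName }));
}
```

Because the whole `message` string is encoded, any markup the application itself wants in the dialog has to be built separately from the untrusted value.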


Advisory timeline

  1. Advisory Published: May 14th, 2019
  2. Reported by Jesse Dahl: May 7th, 2019