CVE-2023-46998

Опубликовано: 07 нояб. 2023

Источник: debian

EPSS Средний

Описание

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libjs-bootbox	fixed	6.0.3~ds-1	experimental	package
libjs-bootbox	unfixed			package
libjs-bootbox	postponed		trixie	package
libjs-bootbox	postponed		bookworm	package
libjs-bootbox	no-dsa		bullseye	package
libjs-bootbox	postponed		buster	package

Примечания

https://github.com/bootboxjs/bootbox/issues/661

EPSS

Процентиль: 97%

0.3892

Средний

Связанные уязвимости

CVE-2023-46998

CVSS3: 6.1

ubuntu

больше 2 лет назад

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.

CVE-2023-46998

CVSS3: 6.5

redhat

около 2 лет назад

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.

CVE-2023-46998

CVSS3: 6.1

nvd

больше 2 лет назад

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.

GHSA-m4ch-4m5f-2gp6

CVSS3: 6.1

github

около 2 лет назад

Bootbox.js Cross Site Scripting vulnerability

EPSS

Процентиль: 97%

0.3892

Средний