Description
Cross-Site Scripting in bootbox
All versions of bootbox are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript.
Recommendation
Sanitize user input being passed to bootbox or consider using an alternative package.
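One way to apply this recommendation, as an added example that is not part of the advisory or of bootbox's own code: escape untrusted text before it is handed to a dialog call. The helper names (`escapeHtml`, `escapeDialogOptions`, `safeDialog`) are hypothetical, and the example assumes that `title`, `message` and button `label` are the option fields bootbox inserts into the dialog as HTML.

```javascript
// Added example (not bootbox code). Helper names are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out into markup or attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumption: these are the option fields bootbox inserts into the dialog as HTML.
const TEXT_FIELDS = ['title', 'message'];

// Return a copy of the dialog options with every untrusted text field escaped.
// Accepts the string shorthand (bootbox.alert("text")) as well as an options object.
function escapeDialogOptions(options) {
  const opts = typeof options === 'string' ? { message: options } : { ...options };
  for (const field of TEXT_FIELDS) {
    if (opts[field] != null) opts[field] = escapeHtml(opts[field]);
  }
  if (opts.buttons) {
    const buttons = {};
    for (const [name, button] of Object.entries(opts.buttons)) {
      buttons[name] = button && button.label != null
        ? { ...button, label: escapeHtml(button.label) }
        : button;
    }
    opts.buttons = buttons;
  }
  return opts;
}

// Wrap a bootbox method so callers cannot pass raw markup by accident.
// `lib` is the bootbox object; `method` is e.g. 'alert', 'confirm' or 'dialog'.
function safeDialog(lib, method, options) {
  return lib[method](escapeDialogOptions(options));
}

// Constructed sample input standing in for a user-supplied display name.
const sampleName = '<img src=x onerror=alert(1)>';
const sampleOptions = escapeDialogOptions({ title: 'Hello', message: 'Welcome, ' + sampleName });
```

When a dialog must mix the application's own markup with user data, call `escapeHtml` on the user-supplied part only and build the message from that.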
Packages
Name: bootbox (npm)
Affected versions: <= 5.5.2
Fixed version: None
Weaknesses
CWE-64
CWE-79