CVE-2023-46998

MEDIUM

BootBox Bootbox.js <6.0 - XSS

Title source: llm

Description

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.

Exploits (1)

nomisec WRITEUP 1 stars

by soy-oreocato · poc

https://github.com/soy-oreocato/CVE-2023-46998

View Code ZIP pw:eip

References (2)

[Issue Tracking] https://github.com/bootboxjs/bootbox/issues/661

[Exploit, Vendor Advisory] https://github.com/soy-oreocato/CVE-2023-46998/

Scores

CVSS v3 6.1

EPSS 0.3892

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

bootboxjs/bootbox 3.2.0 - 6.0.0

npm/bootbox 3.2.0npm

Published Nov 07, 2023

Tracked Since Feb 18, 2026