CVSS 3.1 Score 6.1 of 10 (medium)


Published Nov 7, 2023
Updated: Dec 20, 2023


CVE-2023-46998 is a Cross Site Scripting vulnerability found in BootBox Bootbox.js versions 3.2 through 6.0. It allows a remote attacker to execute arbitrary code by exploiting the alert(), confirm(), and prompt() functions. The vulnerability affects multiple products, including t0TPun, t0TPum, t0TPul, t0TPuk, t0TPuj, t0TPui, t0TPuh, t0TPug, t3ovJl, t0TPup, t0TPuo, t0TPuX, t0TPuW, t0TPuV, t0TPuf, t0TPue, t0TPud, t0TPuc, t0TPub, t0TPua, and t0TPuZ. To remediate this issue and prevent potential danger to organizations using the affected products, it is recommended to update BootBox Bootbox.js to a version beyond 6.1 that includes a fix for this vulnerability.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-46998 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options