bootboxjs / bootbox

Wrappers for JavaScript alert(), confirm() and other flexible dialogs using Twitter's bootstrap framework
http://bootboxjs.com

CVE-2023-46998 from 3.2.0 to 6.0.0 | Fix Plan #855

Open Lam1109 opened 3 months ago

Lam1109 commented 3 months ago

Dear Bootbox development community,

May I know if we have any plan to fix CVE-2023-46998? And may I know the ETA of the new release?

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.

Appreciate your feedback.
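An added example, not Bootbox's own code, of the mitigation an application can apply on its side while the library itself stays unchanged: Bootbox renders the `message` and `title` options as HTML, so untrusted text is HTML-escaped before it reaches `bootbox.alert()`, `confirm()` or `prompt()`. The `bootbox` argument is assumed to be the loaded library; a small stub stands in for it here so the file runs offline.

```javascript
// Added example (not part of Bootbox). Escape untrusted strings before
// handing them to Bootbox, which inserts `message`/`title` as raw HTML.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape the five characters that can break out of an HTML text node
// or a double/single-quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Wrapper for bootbox.alert(): user-controlled text never reaches the
// library unescaped. `extra` carries application-controlled options
// (buttons, callbacks, size) and is copied through untouched.
function safeAlert(bootbox, untrustedMessage, extra = {}) {
  const options = { ...extra, message: escapeHtml(untrustedMessage) };
  if ('title' in extra) {
    options.title = escapeHtml(extra.title);
  }
  return bootbox.alert(options);
}

// When the dialog needs some markup of its own (a bold username in a
// delete confirmation, say), build the HTML around the escaped value
// instead of escaping the whole string.
function safeDeleteConfirm(bootbox, untrustedName, callback) {
  return bootbox.confirm({
    message: `Delete user <strong>${escapeHtml(untrustedName)}</strong>?`,
    callback,
  });
}

// Stub standing in for the real library so the example runs offline;
// it simply returns the options object it was given.
const bootboxStub = {
  alert(options) { return options; },
  confirm(options) { return options; },
};

// Constructed sample input: a display name a user could have typed in.
const constructedName = 'O\'Brien <b>& co</b>';
const shown = safeDeleteConfirm(bootboxStub, constructedName, () => {});
console.log(shown.message);
```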

tiesont commented 3 months ago

No, no plans at the moment. Frankly, I consider it out of scope for Bootbox.

That being said, at some point we'll probably rewrite the core of Bootbox to use only plain JavaScript (to remove our jQuery dependency) but there's no roadmap for that either. That work would probably address most of the issues noted in that advisory.

tiesont commented 3 months ago

Also: #661