We found results for “


Good to know:


Date: March 20, 2013

Versions of @hapi/boom prior t 0.3.8 are vulnerable to Cross-Site Scripting (XSS). The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim's browser.

Language: JS

Severity Score

Severity Score

Top Fix


Upgrade Version

Upgrade to version 0.3.8

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privilegs Required (PR): NONE
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us