CVE-2021-23398 – react-bootstrap-table
Package
Manager: npm
Name: react-bootstrap-table
Vulnerable Version: >=0 <=4.3.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00419 (percentile 0.61079)
Details
Cross-site scripting in react-bootstrap-table
All versions of the package react-bootstrap-table are vulnerable to cross-site scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned: the library then falls back to dangerouslySetInnerHTML, which does not sanitize the output.
Metadata
Created: 2021-12-10T18:58:49Z
Modified: 2021-07-01T21:48:39Z
Source: MANUAL
CWE IDs: CWE-79
Alternative ID: GHSA-2589-w6xf-983r
Finding: F008
Auto approve: 1