Vulnerability Description
All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| React-Bootstrap-Table Project | React-Bootstrap-Table | - |
Related Weaknesses (CWE)
References
- https://github.com/AllenFang/react-bootstrap-table/blob/26d07defab759e4f9bce22d1Broken Link
- https://github.com/AllenFang/react-bootstrap-table/issues/2071ExploitThird Party Advisory
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314286ExploitThird Party Advisory
- https://snyk.io/vuln/SNYK-JS-REACTBOOTSTRAPTABLE-1314285ExploitThird Party Advisory
- https://github.com/AllenFang/react-bootstrap-table/blob/26d07defab759e4f9bce22d1Broken Link
- https://github.com/AllenFang/react-bootstrap-table/issues/2071ExploitThird Party Advisory
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314286ExploitThird Party Advisory
- https://snyk.io/vuln/SNYK-JS-REACTBOOTSTRAPTABLE-1314285ExploitThird Party Advisory
FAQ
What is CVE-2021-23398?
CVE-2021-23398 is a vulnerability with a CVSS score of 6.1 (MEDIUM). All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to ...
How severe is CVE-2021-23398?
CVE-2021-23398 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-23398?
Check the references section above for vendor advisories and patch information. Affected products include: React-Bootstrap-Table Project React-Bootstrap-Table.