Unknown · React-Bootstrap-Table · CVE-2021-23398
**Name of the Vulnerable Software and Affected Versions**
react-bootstrap-table versions (all versions)
**Description**
The issue is related to Cross-site Scripting (XSS) via the `dataFormat` parameter. It occurs when an invalid React element is returned, causing `dangerouslySetInnerHTML` to be used without proper output sanitization.
**Recommendations**
For all versions, consider restricting the use of the `dataFormat` parameter until a fix is available, or ensure that only sanitized input is passed to this parameter to minimize the risk of exploitation.