PT-2021-15490 · Unknown · React-Bootstrap-Table
Michael Rodov · Published 2021-06-24 · Updated 2021-12-10 · CVE-2021-23398
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
react-bootstrap-table, all versions
Description
The issue is a Cross-site Scripting (XSS) vulnerability reachable through the
dataFormat column property. When the dataFormat callback returns a value that is not a valid React element (for example, a plain string assembled from row data), the library renders that value through dangerouslySetInnerHTML without any output sanitization, so HTML or script markup contained in the cell data is injected into the page as live markup instead of being escaped.
Recommendations
For all versions, restrict the use of the
dataFormat property until a fix is available, or make sure every dataFormat callback either returns a React element (which React escapes normally) or builds its string only from sanitized, HTML-escaped data, so that attacker-controlled values never reach the dangerouslySetInnerHTML path unescaped.
Exploit
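The following is an added example, not code from react-bootstrap-table or from this advisory's author. It models the hazard and the two recommended mitigations from the sections above: a small `renderCell` stand-in reproduces the decision the description attributes to the library (a React element is rendered with escaping, anything else goes through the raw-HTML path), and three `dataFormat` callbacks are run against a constructed row whose `title` field is attacker-controlled. The element shape used by `createTextElement`, the `renderCell` model and the sample row are assumptions of this example; React itself is not needed to run it.

```javascript
// Added example (hypothetical code, not react-bootstrap-table's own).
// Models how a dataFormat callback's return type decides whether cell
// data is escaped or dropped into the DOM as raw HTML.

// Minimal HTML escaping for text that lands in an HTML body or attribute.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Stand-in for React.createElement: the shape is an assumption of this
// example; only the tag and a single text child are modelled.
function createTextElement(tag, text) {
  return { $$typeof: 'react.element', type: tag, props: { children: String(text) } };
}

// Toy model of the column renderer's decision (assumption, not library code):
// a React element is rendered with its text child escaped, as React does;
// anything else is used as raw HTML, which is the dangerouslySetInnerHTML path.
function renderCell(formatted) {
  if (formatted && formatted.$$typeof === 'react.element') {
    return `<${formatted.type}>${escapeHtml(formatted.props.children)}</${formatted.type}>`;
  }
  return String(formatted); // raw HTML: no escaping at all
}

// Vulnerable formatter: builds markup by string concatenation, so any markup
// inside `cell` or `row.author` reaches the DOM intact.
function vulnerableDataFormat(cell, row) {
  return `${cell} <i>(${row.author})</i>`;
}

// Mitigation 1: keep returning a string, but escape every untrusted field first.
function sanitizedDataFormat(cell, row) {
  return `${escapeHtml(cell)} <i>(${escapeHtml(row.author)})</i>`;
}

// Mitigation 2: return a React element so the raw-HTML branch is never taken.
function elementDataFormat(cell, row) {
  return createTextElement('span', `${cell} (${row.author})`);
}

// Constructed sample row: the `title` field is attacker-controlled.
const SAMPLE_ROW = {
  id: 7,
  title: '<img src=x onerror=alert(1)>',
  author: 'mallory',
};

// Runs a formatter on the sample row's title column and returns the HTML
// the cell would end up containing.
function renderTitle(dataFormat, row = SAMPLE_ROW) {
  return renderCell(dataFormat(row.title, row));
}

// True when the rendered HTML still carries a live <img ... onerror=...> tag.
function containsActiveMarkup(html) {
  return /<img\b/i.test(html) && /onerror=/i.test(html);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable :', renderTitle(vulnerableDataFormat));
  console.log('sanitized  :', renderTitle(sanitizedDataFormat));
  console.log('element    :', renderTitle(elementDataFormat));
}
```

Running it shows the vulnerable formatter emitting the `<img>` tag unchanged, while both mitigations produce `&lt;img ...&gt;` as inert text. Of the two, returning a React element is the more robust choice: it does not depend on every author of a dataFormat callback remembering to escape each field, and it keeps the raw-HTML branch out of reach entirely.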
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
React-Bootstrap-Table