CVE-2022-1726

Name of the Vulnerable Software and Affected Versions bootstrap-table versions prior to 1.20.2

Description The issue allows for a XSS vulnerability with the Table Export plug-in when exportOptions: htmlContent is set to true. This can lead to disclosing session cookies, disclosing secure session data, and exfiltrating data to third-parties.

Recommendations For versions prior to 1.20.2, update to version 1.20.2 or later to resolve the issue. As a temporary workaround, consider setting exportOptions: htmlContent to false until a patch is applied. Restrict access to the Table Export plug-in to minimize the risk of exploitation.