Vulnerabilities

CVE-2021-23398

by Fred · 24/06/2021

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output.

Date published : 2021-06-24

https://github.com/AllenFang/react-bootstrap-table/blob/26d07defab759e4f9bce22d1d568690830b8d9d7/src/TableBody.js%23L114-L118

https://github.com/AllenFang/react-bootstrap-table/issues/2071

Similar

Tags: Cybersecurity Alert