Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2018-6341

React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.146
EPSS Ranking 94.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2018-6341
  • Facebook » React » Version: 16.0.0
    cpe:2.3:a:facebook:react:16.0.0
  • Facebook » React » Version: 16.1.0
    cpe:2.3:a:facebook:react:16.1.0
  • Facebook » React » Version: 16.1.1
    cpe:2.3:a:facebook:react:16.1.1
  • Facebook » React » Version: 16.2.0
    cpe:2.3:a:facebook:react:16.2.0
  • Facebook » React » Version: 16.3.0
    cpe:2.3:a:facebook:react:16.3.0
  • Facebook » React » Version: 16.3.1
    cpe:2.3:a:facebook:react:16.3.1
  • Facebook » React » Version: 16.3.2
    cpe:2.3:a:facebook:react:16.3.2
  • Facebook » React » Version: 16.4.0
    cpe:2.3:a:facebook:react:16.4.0
  • Facebook » React » Version: 16.4.1
    cpe:2.3:a:facebook:react:16.4.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved