Vulnerability Details CVE-2021-23398
All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://github.com/AllenFang/react-bootstrap-table/blob/26d07defab759e4f9bce22d1d568690830b8d9d7/src/TableBody.js%23L114-L118
- https://github.com/AllenFang/react-bootstrap-table/issues/2071
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314286
- https://snyk.io/vuln/SNYK-JS-REACTBOOTSTRAPTABLE-1314285
- https://github.com/AllenFang/react-bootstrap-table/blob/26d07defab759e4f9bce22d1d568690830b8d9d7/src/TableBody.js%23L114-L118
- https://github.com/AllenFang/react-bootstrap-table/issues/2071
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314286
- https://snyk.io/vuln/SNYK-JS-REACTBOOTSTRAPTABLE-1314285
Products affected by CVE-2021-23398
-
cpe:2.3:a:react-bootstrap-table_project:react-bootstrap-table:-