CVEs-PoC/2021/CVE-2021-23398.md at main

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

873 B

Raw Permalink Blame History

CVE-2021-23398

Description

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output.

POC

Reference

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314286
https://snyk.io/vuln/SNYK-JS-REACTBOOTSTRAPTABLE-1314285

Github

https://github.com/andystu/react-bootstrap-table-cve

873 B Raw Permalink Blame History

CVE-2021-23398

Description

POC

Reference

Github

873 B

Raw Permalink Blame History