CVE-2021-23398: Cross-site Scripting (XSS)

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-23398

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Cross-site Scripting (XSS)

Source: NVD (National Vulnerability Database)

Vulnerability Description

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

react-bootstrap-table 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

react-bootstrap-table是一个软件包。它是使用React.js构建的Bootstrap 表。 package react-bootstrap-table存在跨站脚本漏洞，该漏洞源于当返回无效的React元素时，会触发该问题，导致使用危险的setinnerhtml，它不会对输出进行无害化处理。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	react-bootstrap-table	0 ~ unspecified	-

II. Public POCs for CVE-2021-23398

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-23398

Please Login to view more intelligence information

https://github.com/AllenFang/react-bootstrap-table/blob/26d07defab759e4f9bce22d1d568690830b8d9d7/src/TableBody.js%23L114-L118x_refsource_MISC
https://github.com/AllenFang/react-bootstrap-table/issues/2071x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314286x_refsource_MISC
https://snyk.io/vuln/SNYK-JS-REACTBOOTSTRAPTABLE-1314285x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-23398

IV. Related Vulnerabilities

Same vendor: n/a

V. Comments for CVE-2021-23398

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-23398

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-23398

III. Intelligence Information for CVE-2021-23398

IV. Related Vulnerabilities

V. Comments for CVE-2021-23398

Leave a comment