CVE-2018-6341 PoC — React 跨站脚本漏洞

Source

Associated Vulnerability

Title:React 跨站脚本漏洞 (CVE-2018-6341)
Description:React是一款用于构建用户界面的JavaScript库。 React中存在跨站脚本漏洞，该漏洞源于程序使用ReactDOMServer API来进行HTML渲染，但在渲染时并没有转义用户提交的属性名称。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。以下版本受到影响：React 16.0.x版本，16.1.x版本，16.2.x版本，16.3.x版本，16.4.x版本（次版本）。

Description

CVE-2018-6341

Readme

# CVE-2018-6341

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6341

A simple PoC to reproduce XSS vulnerability

## Steps
- `npm i`
- `npm run start`
- Go to `localhost:3006`

File Snapshot


 [4.0K]  /data/pocs/36154db699ed81d75803c4adc5a3205079b663ae
├── [1.1K]  index.js
├── [ 222]  package.json
├── [1.1M]  package-lock.json
├── [4.0K]  public
│   ├── [3.8K]  favicon.ico
│   ├── [1.7K]  index.html
│   ├── [5.2K]  logo192.png
│   ├── [9.4K]  logo512.png
│   ├── [ 492]  manifest.json
│   └── [  67]  robots.txt
└── [ 185]  README.md

1 directory, 10 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!