Cross-site Scripting (XSS) Vulnerability in react-bootstrap-table's dataFormat Parameter

Cross-site Scripting (XSS) Vulnerability in react-bootstrap-table's dataFormat Parameter

CVE-2021-23398 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output.

Learn more about our Web Application Penetration Testing UK.