CVE-2021-23398

MEDIUM

react-bootstrap-table - Cross-Site Scripting via dataFormat Parameter

Title source: llm
STIX 2.1

Description

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output.

References (4)

Core 4

Scores

CVSS v3 6.1
EPSS 0.0134
EPSS Percentile 68.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
npm/react-bootstrap-table 0npm
react-bootstrap-table_project/react-bootstrap-table
Published Jun 24, 2021
Tracked Since Feb 18, 2026