CVE-2021-23398
MEDIUMreact-bootstrap-table - Cross-Site Scripting via dataFormat Parameter
Title source: llmDescription
All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output.
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-REACTBOOTSTRAPTABLE-1314285
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314286
Broken Link x_refsource_misc
https://github.com/AllenFang/react-bootstrap-table/blob/26d07defab759e4f9bce22d1d568690830b8d9d7/src/TableBody.js%23L114-L118
Exploit, Third Party Advisory x_refsource_misc
https://github.com/AllenFang/react-bootstrap-table/issues/2071
Scores
CVSS v3
6.1
EPSS
0.0134
EPSS Percentile
68.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
npm/react-bootstrap-table
0npm
react-bootstrap-table_project/react-bootstrap-table
Published
Jun 24, 2021
Tracked Since
Feb 18, 2026