All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2021-06-24T15:00:12.133838Z

Updated: 2024-09-17T00:46:54.673Z

Reserved: 2021-01-08T00:00:00

Link: CVE-2021-23398

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-24T15:15:08.210

Modified: 2024-11-21T05:51:38.710

Link: CVE-2021-23398

cve-icon Redhat

No data.