CVE-2023-25572

🗓️ 13 Feb 2023 21:15:15Reported by GitHub_MType

react-admin, XSS vulnerability, upgrade to versions 3.19.12 and 4.7.

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 9
Vulnrichment	CVE-2023-25572 React-Admin vulnerable to Cross-Site-Scripting attack on `<RichTextField>`	13 Feb 202320:49	–	vulnrichment
OSV	GHSA-5JCR-82FH-339V Cross-Site-Scripting attack on `<RichTextField>`	14 Feb 202300:32	–	osv
OSV	CVE-2023-25572	13 Feb 202321:15	–	osv
Veracode	Cross-site Scripting (XSS)	14 Feb 202303:19	–	veracode
Cvelist	CVE-2023-25572 React-Admin vulnerable to Cross-Site-Scripting attack on `<RichTextField>`	13 Feb 202320:49	–	cvelist
Prion	Cross site scripting	13 Feb 202321:15	–	prion
NVD	CVE-2023-25572	13 Feb 202321:15	–	nvd
Github Security Blog	Cross-Site-Scripting attack on `<RichTextField>`	14 Feb 202300:32	–	github
Wallarm Lab	Predictions for 2023 from Latest API Threat Research \| API Security Newsletter	9 Mar 202313:10	–	wallarmlab

Nvd

Vulners

Node

marmelab ra-ui-materialuiRange<3.9.12node.js

marmelab ra-ui-materialuiRange4.0.0–4.7.6node.js

marmelab react-adminRange<3.9.12node.js

marmelab react-adminRange4.0.0–4.7.6node.js

[
  {
    "vendor": "marmelab",
    "product": "react-admin",
    "versions": [
      {
        "version": "< 3.19.12",
        "status": "affected"
      },
      {
        "version": ">= 4.0.0, < 4.7.6",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/marmelab/react-admin/pull/8645
github	www.github.com/marmelab/react-admin/security/advisories/GHSA-5jcr-82fh-339v
github	www.github.com/marmelab/react-admin/releases/tag/v3.19.12
github	www.github.com/marmelab/react-admin/releases/tag/v4.7.6
github	www.github.com/marmelab/react-admin/pull/8644

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Feb 2023 21:15Current

5.3Medium risk

Vulners AI Score5.3

CVSS35.4

EPSS0.00914

SSVC

CWE-79