Lucene search
GoogleOSV:CVE-2018-6341HistoryDec 31, 2018 - 10:29 p.m.
CVE-2018-6341
2018-12-3122:29:00
Google
osv.dev
3
0.001 Low
EPSS
Percentile
36.1%
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.
| CPE | Name | Operator | Version |
|---|---|---|---|
| react | eq | 16.3.0-alpha.1 | |
| react | eq | 16.3.0-alpha.3 | |
| react | eq | 16.3.2 | |
| react | eq | 16.1.0-beta | |
| react | eq | 16.3.0-rc.0 | |
| react | eq | 16.3.0-alpha.2 | |
| react | eq | 16.3.1 | |
| react | eq | 16.1.0 | |
| react | eq | 16.2.0 | |
| react | eq | 16.4.0 |
Related
cve
cve
CVE-2018-6341
2018-12-31 22:29:00
osv
osv
Cross-Site Scripting in react-dom
2019-01-04 19:05:35
cvelist
cvelist
CVE-2018-6341
2018-12-31 22:00:00
nodejs
nodejs
Cross-Site Scripting
2019-11-29 19:18:16
veracode
veracode
Cross-site Scripting (XSS)
2018-08-06 08:54:22
github
github
Cross-Site Scripting in react-dom
2019-01-04 19:05:35
prion
prion
Cross site scripting
2018-12-31 22:29:00
nvd
nvd
CVE-2018-6341
2018-12-31 22:29:00
