Lucene search
GoogleOSV:GHSA-MVJJ-GQQ2-P4HWHistoryJan 04, 2019 - 7:05 p.m.
Cross-Site Scripting in react-dom
2019-01-0419:05:35
Google
osv.dev
17
0.001 Low
EPSS
Percentile
36.1%
Affected versions of react-dom are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags which may lead to Cross-Site Scripting in specific scenarios. This may allow attackers to execute arbitrary JavaScript in the victim’s browser. To be affected by this vulnerability, the application needs to:
- be a server-side React app
- be rendered to HTML using
ReactDOMServer - include an attribute name from user input in an HTML tag
Recommendation
If you are using react-dom 16.0.x, upgrade to 16.0.1 or later.
If you are using react-dom 16.1.x, upgrade to 16.1.2 or later.
If you are using react-dom 16.2.x, upgrade to 16.2.1 or later.
If you are using react-dom 16.3.x, upgrade to 16.3.3 or later.
If you are using react-dom 16.4.x, upgrade to 16.4.2 or later.
Related
nodejs
nodejs
Cross-Site Scripting
2019-11-29 19:18:16
veracode
veracode
Cross-site Scripting (XSS)
2018-08-06 08:54:22
github
github
Cross-Site Scripting in react-dom
2019-01-04 19:05:35
cve
cve
CVE-2018-6341
2018-12-31 22:29:00
cvelist
cvelist
CVE-2018-6341
2018-12-31 22:00:00
prion
prion
Cross site scripting
2018-12-31 22:29:00
osv
osv
CVE-2018-6341
2018-12-31 22:29:00
nvd
nvd
CVE-2018-6341
2018-12-31 22:29:00
