Cross site scripting

2018-12-3122:29:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.1%

JSON

React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.

CPENameOperatorVersion
reactge16.0.0
reactlt16.0.1
reactge16.1.0
reactlt16.1.2
reactge16.2.0
reactlt16.2.1
reactge16.3.0
reactlt16.3.3
reactge16.4.0
reactlt16.4.2