12 matches found
CVE-2023-25572
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...
EUVD-2023-0631
Malicious code in bioql PyPI...
@api-platform/admin (>=0.5.0 <=1.0.2), @bishoy_melek_wadie/react-admin-firebase (>=0.9.0 <=0.9.1) +69 more potentially affected by CVE-2023-25572 via react-admin (>=2.4.2 <=3.19.11)
react-admin NPM version =2.4.2, =0.5.0, =0.9.0, =0.0.1, =1.0.0, =0.6.5, =0.6.3, =0.8.11, =1.0.1, =1.0.0, =1.0.0, =1.2.0, =1.2.2 and more. Source CVEs: CVE-2023-25572. Source advisory: OSV:GHSA-5JCR-82FH-339V...
@activitypods/react (>=2.0.0-alpha.13 <=2.2.0), @amplicode/addon-camunda (>=0.0.1-snapshot.1 <=0.0.1-snapshot.9) +56 more potentially affected by CVE-2023-25572 via react-admin (>=4.12.1 <=4.16.20)
react-admin NPM version =4.12.1, =2.0.0-alpha.13, =0.0.1-snapshot.1, =0.0.1-snapshot.1, =0.0.1, =3.0.0, =1.0.10, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.4, =0.1.33, =4.0.0, =1.1.0, =1.0.0, =1.6.7 and more. Source CVEs: CVE-2023-25572. Source advisory: OSV:GHSA-5JCR-82FH-339V...
GHSA-5JCR-82FH-339V Cross-Site-Scripting attack on `<RichTextField>`
Impact: All React applications built with react-admin and using the `<RichTextField>` are affected. `<RichTextField>` outputs the field value using `dangerouslySetInnerHTML` without client-side sanitization. If the data isn't sanitized server-side, this opens a possible Cross-Site-Scripting (XSS) attack. Proof of concept: jsx import...
CVE-2023-25572
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...
Cross site scripting
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...
CVE-2023-25572 React-Admin vulnerable to Cross-Site-Scripting attack on `<RichTextField>`
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...
CVE-2023-25572 React-Admin vulnerable to Cross-Site-Scripting attack on `<RichTextField>`
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...
CVE-2023-25572
CVE-2023-25572 concerns react-admin and the related ra-ui-materialui package before 3.19.12/4.7.6, where the `<RichTextField>` outputs HTML via `dangerouslySetInnerHTML` without client-side sanitization. If server-side data isn’t sanitized, this enables cross-site scripting (XSS) across React applications built w...
CVE-2023-25572 React-Admin vulnerable to Cross-Site-Scripting attack on `<RichTextField>`
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...
react-admin cross-site scripting vulnerability
react-admin is a front-end framework for building data-driven applications that run in the browser on top of a REST/GraphQL API, using ES6, React, and Material Design. A security vulnerability exists in react-admin versions 3.x prior to 3.19.12 and 4.x prior to 4.7.6, which stems from the presenc...