Wiz
Vulnerability DatabaseCVE-2021-23398

CVE-2021-23398
JavaScript vulnerability analysis and mitigation

Overview

All versions of the react-bootstrap-table package are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The vulnerability was discovered on April 18, 2019, and was assigned CVE-2021-23398. This security issue affects all versions of the package, with no fixed version available (CVE Details, Snyk Report).

Technical details

The vulnerability is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output. The issue has a CVSS v3.1 base score of 6.1 (medium severity), with attack vector being Network, attack complexity Low, requiring no privileges, but user interaction is Required, and the scope is Changed (Snyk Report).

Impact

When exploited, this vulnerability can lead to cross-site scripting attacks, potentially allowing attackers to steal cookies, hijack user sessions, expose sensitive information, enable access to privileged services and functionality, and deliver malware. The vulnerability affects both confidentiality and integrity at a Low level, while there is no impact on availability (Snyk Report).

Mitigation and workarounds

Currently, there is no fixed version available for the react-bootstrap-table package. As best practices, it is recommended to sanitize data input in HTTP requests before reflecting it back, ensure all data is validated, filtered or escaped, convert special characters to their HTML or URL encoded equivalents, and implement a Content Security Policy (Snyk Report).

Additional resources

SourceThis report was generated using AI

Related JavaScript vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-59145HIGH8.8
  • JavaScriptJavaScript
  • color-name
NoYesSep 15, 2025
CVE-2025-59331HIGH8.8
  • JavaScriptJavaScript
  • is-arrayish
NoYesSep 15, 2025
CVE-2025-59330HIGH8.8
  • JavaScriptJavaScript
  • error-ex
NoYesSep 15, 2025
CVE-2025-59333HIGH8.1
  • JavaScriptJavaScript
  • @executeautomation/database-server
NoNoSep 16, 2025
CVE-2025-59160LOW2.7
  • JavaScriptJavaScript
  • node-matrix-js-sdk
NoYesSep 16, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo