Cross-site Scripting (XSS)
CVE-2021-23472

3.1LOW

Key Information:

Vendor: Bootstrap-table
Status: Bootstrap-table
Vendor: CVE Published:; 3 November 2021

🔔 Create Bootstrap-table Vulnerability Alert

What is CVE-2021-23472?

This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set.

Affected Version(s)

bootstrap-table <1.19.1

References

https://snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597

x_refsource_MISC

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBWENZH...

x_refsource_MISC

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910688

x_refsource_MISC

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 3, 2021
Vulnerability Reserved
Jan 8, 2021

Credit

Alessio Della Libera of Snyk Research Team

CVE-2021-23472 Data

.