CVE-2021-23472

Public Exploit

Cross-site Scripting (XSS)

Description

This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set.

References

Link	Tags
https://snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597	mitigation exploit vdb entry third party advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBWENZHIXIN-1910687	mitigation exploit vdb entry third party advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910688	mitigation exploit vdb entry third party advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1910689	mitigation exploit vdb entry third party advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1910690	mitigation exploit vdb entry third party advisory
https://github.com/wenzhixin/bootstrap-table/blob/develop/src/utils/index.js%23L218	third party advisory broken link
https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597	exploit third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2021-23472?: CVE-2021-23472 has been scored as a low severity vulnerability.
How to fix CVE-2021-23472?: To fix CVE-2021-23472, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-23472 being actively exploited in the wild?: It is possible that CVE-2021-23472 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-23472?: CVE-2021-23472 affects n/a bootstrap-table.

Description

Category

CWE-843 – Access of Resource Using Incompatible Type ('Type Confusion')

References

Frequently Asked Questions