Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2019-0336
Good to know:
Date: December 17, 2019
Cross-Site Scripting vulnerability found in react before 0.14.0. The package's createElement function fails to properly validate its input object, allowing attackers to execute arbitrary JavaScript in a victim's browser.
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Top Fix
Upgrade Version
Upgrade to version react - no_fix;elefant/cms - elefant_2_0_0_stable;elefant/cms - no_fix;elefant/cms - elefant_0_9_0_alpha;xpressengine/xpressengine - dev-fix/plugin;xpressengine/xpressengine - dev-feature/scheduledPlugin;react.js - 0.14.7;React - 0.8.0.1;ctl/laz - no_fix;drupalchamp/crypto_distribution - no_fix;T1.Scripts - 0.1.0.1;T1.Scripts - no_fix;gintonicweb/websockets - no_fix;guitarpoet/clips-tool - dev-picture;react - 0.14.0;phifty/adminui - no_fix;talyssonoc/react-laravel - v0.10;reactjs - no_fix;gintonicweb/twbs-theme - no_fix;acosf/archersys - 1.0;bitsoflove/react-laravel - v0.10;org.webjars:react:0.13.0;org.webjars:react:0.14.0;org.webjars.npm:react:0.14.0-beta1;org.webjars.bower:vaadin-core-elements:1.1.0;org.webjars.npm:globalize:1.2.2;org.webjars.npm:muicss:0.4.8;org.webjars.npm:react-tag-input:no_fix;org.webjars.bower:react:0.13.3;org.webjars:jsx-requirejs-plugin:no_fix
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | CHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | NONE |