CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6341
https://notcve.org/view.php?id=CVE-2018-6341
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2. Aplicaciones "react" que renderizaban a HTML mediante la API APIReactDOMServer no escapaban nombres de atributo proporcionados por el usuario a la hora de renderizar. • https://github.com/ossf-cve-benchmark/CVE-2018-6341 https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html https://twitter.com/reactjs/status/1024745321987887104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •