Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Facebook Subscribe
Filtered by product React
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-6341 1 Facebook 1 React 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.