Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-6341 PoC — React 跨站脚本漏洞

Source
https://github.com/diwangs/react16-ssr
Associated Vulnerability
Title:React 跨站脚本漏洞 (CVE-2018-6341)
Description:React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.
Description
CVE-2018-6341
Readme
# CVE-2018-6341

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6341

A simple PoC to reproduce XSS vulnerability

## Steps
- `npm i`
- `npm run start`
- Go to `localhost:3006`
File Snapshot

 [4.0K]  /data/pocs/36154db699ed81d75803c4adc5a3205079b663ae
├── [1.1K]  index.js
├── [ 222]  package.json
├── [1.1M]  package-lock.json
├── [4.0K]  public
│   ├── [3.8K]  favicon.ico
│   ├── [1.7K]  index.html
│   ├── [5.2K]  logo192.png
│   ├── [9.4K]  logo512.png
│   ├── [ 492]  manifest.json
│   └── [  67]  robots.txt
└── [ 185]  README.md

1 directory, 10 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →