Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-fvhg-p4hf-79x3 | @cyntler/react-doc-viewer's TXTRenderer fails to sanitize file content and explicitly casts raw data as a ReactNode |
Thu, 21 May 2026 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Cyntler
Cyntler react-doc-viewer |
|
| Vendors & Products |
Cyntler
Cyntler react-doc-viewer |
Wed, 20 May 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Cross‑Site Scripting via Unsanitized Text Rendering in @cyntler/react-doc-viewer |
Wed, 20 May 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| Metrics |
cvssV3_1
|
Wed, 20 May 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-05-20T17:50:41.324Z
Reserved: 2026-03-04T00:00:00.000Z
Link: CVE-2026-30691
Updated: 2026-05-20T17:50:13.807Z
Status : Deferred
Published: 2026-05-20T18:16:26.760
Modified: 2026-06-17T10:32:52.560
Link: CVE-2026-30691
No data.
OpenCVE Enrichment
Updated: 2026-05-21T08:19:28Z
Github GHSA