Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in wenzhixin/bootstrap-table
Apr 7th 2022
Hello and thank you for the wonderful library! We use it extensively in our app. However, I think we've identified an XSS vulnerability in the Export plug-in.
If you set the exportOptions in your Bootstrap Table to
I think the problem can be worked-around by using a corrected onCellHtmlData callback method - which it looks like the library is already attempting to do. However, as evidenced by the vuln, I think for some reason that callback isn't getting executed, and the default onCellHtmlData callback is firing instead, and that default implementation does appear to be vulnerable.
Proof of Concept
Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties.