Medium severity6.1NVD Advisory· Published May 20, 2026· Updated May 21, 2026
CVE-2026-30691
CVE-2026-30691
Description
Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@cyntler/react-doc-viewernpm | <= 1.17.1 | — |
Affected products
1- Range: =1.17.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.