CVE-2026-30691

Published: Mag 20, 2026 Last Modified: Mag 20, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode

https://github.com/cyntler/react-doc-viewer/issues/317
https://github.com/cyntler/react-doc-viewer/issues/317
https://github.com/walidriouah/CVE-2026-30691
https://github.com/walidriouah/CVE-2026-30691