CVE-2021-23445 – datatables.net

Package

Manager: npm
Name: datatables.net
Vulnerable Version: >=0 <1.11.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00804 pctl0.73248

Details

Cross site scripting in datatables.net This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

Metadata

Created: 2021-09-29T17:11:28Z
Modified: 2024-06-21T22:11:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-h73q-5wmj-q8pj/GHSA-h73q-5wmj-q8pj.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-h73q-5wmj-q8pj
Finding: F008
Auto approve: 1