Cross-site Scripting (XSS)
CVE-2021-23445

3.1LOW

Key Information:

Vendor: Datatables
Status: Datatables.net
Vendor: CVE Published:; 27 September 2021

Summary

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

Affected Version(s)

datatables.net < 1.11.3

References

https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 27, 2021
Vulnerability Reserved
Jan 8, 2021

Credit

Alessio Della Libera of Snyk Research Team