CVE-2021-23445

Cross-site Scripting (XSS)

CVSS 3.1 LOWEPSS 1.8%

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 3.1EPSS 1.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

27 Sep 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P

Affected products

n/a · datatables.net

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cdn.datatables.net/1.11.3/https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html https://security.netapp.com/advisory/ntap-20240621-0006/https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376 https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544