CVE-2021-23445

Summary

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

Affected Software

VendorProductVersion RangeStatus
n/adatatables.netunspecified < 1.11.3affected

Weaknesses

  • Cross-site Scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References