PT-2021-6499 · Unknown · Datatables.Net

Alessio Della Libera · Published 2021-08-12 · Updated 2026-01-03 · CVE-2021-23445

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

datatables.net versions prior to 1.11.3

Description

The issue is related to the incorrect handling of an array in the input data by the DataTables plugin, which can allow a remote attacker to compromise data integrity. If an array is passed to the HTML escape entities function, its contents would not be escaped.

Recommendations

For versions prior to 1.11.3, update to version 1.11.3 or later to resolve the issue. As a temporary workaround, consider restricting the input to the HTML escape entities function to prevent arrays from being passed to it.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

AZL-66567
BDU:2022-01753
CVE-2021-23445
DLA-3529-1
GHSA-H73Q-5WMJ-Q8PJ
RHSA-2024:3559
RHSA-2024:3560
RHSA-2024:3561
SNYK-JAVA-ORGWEBJARSBOWER-1715371
SNYK-JAVA-ORGWEBJARSNPM-1715376
SNYK-JS-DATATABLESNET-1540544

Affected Products

Datatables.Net