6.1
CVE-2021-23445
- EPSS 1.84%
- Veröffentlicht 27.09.2021 17:15:08
- Zuletzt bearbeitet 21.11.2024 05:51:46
- Quelle report@snyk.io
- CVE-Watchlists
- Unerledigt
LoginCross-site Scripting (XSS)
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Datatables ≫ Datatables.Net SwPlatformnode.js Version < 1.11.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.84% | 0.762 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
| report@snyk.io | 3.1 | 1.6 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://security.netapp.com/advisory/ntap-20240621-0006/
https://cdn.datatables.net/1.11.3/
https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544