Unescaped HTML Injection Vulnerability in datatables.net (<=1.11.3)
CVE-2021-23445 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
Learn more about our Web Application Penetration Testing UK.