Unescaped HTML Injection Vulnerability in datatables.net (<=1.11.3)

Unescaped HTML Injection Vulnerability in datatables.net (<=1.11.3)

CVE-2021-23445 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.

Learn more about our Web Application Penetration Testing UK.