CVE-2021-36713 — Cross-site Scripting in Datatables

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 43.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sprymedia Datatables

Timeline

PublishedMar 6

Latest updateOct 15

Description

Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDsprymedia/datatables1.9.2

🔴Vulnerability Details

GHSA

GHSA-8q87-cc79-vwjj: Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1↗2023-03-07

▶

OSV

CVE-2021-36713: Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1↗2023-03-06

▶

📋Vendor Advisories

Oracle

Oracle Oracle Food and Beverage Applications Risk Matrix: Engagement (DataTables) — CVE-2021-36713↗2024-10-15

▶